We are pleased to announce the release of Actions Transaction Metadata for Auth0 Actions, a significant new feature designed to enhance the efficiency and maintainability of your authentication flows.
When composing Actions, developers have needed to store variables locally in the Actions engine but have been unable to do so efficiently. This requirement has led to workarounds that involve misusing other features to mimic local storage, which results in higher Management API usage, difficulty debugging, and unreliable code. Now, Actions Transaction Metadata provides a dedicated and robust method to store and pass custom variables across your Actions.
We are going to look at two commonly used workarounds for local variable storage, Auth0 Actions Cache (api.cache) and Profile Metadata (user_metadata, app_metadata), and address how Actions Transaction Metadata is a better fit.
Auth0 Actions Cache
Previously, a common workaround was utilizing the Actions Cache, which provides developers a caching mechanism to reduce the overhead of obtaining tokens or re-fetching data in Actions. This means we've enabled machine-to-machine token caching so developers no longer need to create new tokens but can instead cache existing tokens. Again, not meant for ephemeral purposes, but rather as a way to store machine-to-machine credentials for external service calls. The cache should not be used for transaction or user related data because it is cross-transaction. The data stored via this mechanism is meant as an efficiency improvement for a specific purpose across many transactions, not for local storage of user data.
Caching can also lead to issues because the cache is different across Actions containers. This means a cache called in one Actions flow may be storing different data from an adjacent or subsequent Action. The Actions Cache is not a reliable solution for ephemeral variables in a scalable environment.
Profile Metadata
Formerly, if your Action code required a stored variable for temporary use, a common workaround involved using profile metadata as follows:
Step 1: In Action 1, create the temporary variable in either the user’s app or user metadata:
api.user.setUserMetadata('tmp1', 1); api.user.setAppMetadata('tmp2', 2);
Step 2: In Action 2, accessing these variables with the event.user.user_metadata or event.user.app_metadata object:
console.log(event.user.user_metadata?.tmp1); console.log(event.user.app_metadata?.tmp2);
Step 3: In Action 3, the temporary metadata attribute must be explicitly set to null to avoid persisting in the user profile:
api.user.setUserMetadata('tmp1', null); api.user.setAppMetadata('tmp2', null);
As we can see with these flows there is a reliance on the Management API on the Auth0 server, when it would be much more effective to have local data storage in the Actions serverless engine.
Actions Transaction Metadata
Now, with Actions Transaction Metadata, the process is streamlined:
Step 1: In Action 1, set the variable using the api.transaction.setMetadata object. The data is immediately accessible within the same Action and by subsequent Actions:
api.transaction.setMetadata('hello', 'Auth0');
Step 2: In Action 2, access the data directly without needing an external API call:
console.log('Hello ', event.transaction?.metadata?.hello); // Outputs "Hello Auth0"
Step 3: Cleanup is not required as ephemeral variables automatically clear after the Actions sequence executes, though you may explicitly set it to null if desired.
Key benefits of Actions Transaction Metadata include:
- Reduced API usage: Some customers in our Early Access phase observed up to an 87.5% reduction in Auth0 Management API usage by adopting Transaction Metadata over profile storage.
- Simplified code: Eliminate complex workarounds, leading to less complicated Action code and easier maintenance.
- Improved performance: Data lives within the Actions engine, reducing latency and reliance on external API calls.
- Immediate access: Variables can be accessed immediately within the same Action and subsequent Actions without requiring additional API calls.
This Early Access release, available for Enterprise customers, supports the post-login actions trigger, with plans to extend functionality to other triggers in the future. We encourage you to explore this new feature to streamline your development processes and optimize your Auth0 implementations.
For detailed documentation, please refer to the Actions Transaction Metadata documentation.
Happy building!
These materials are intended for general informational purposes only. Please discuss internally and conduct any necessary testing before making any changes or code updates.