Actions Limitations
The following limitations exist when using Actions:
Each Action should not exceed 100 kB. The larger the size, the more latency is introduced, which may have an impact on the performance of your system. This size limit limit does not include any
npm
modules that may be referenced as part of anyrequire
statements.Each execution of a flow must complete in 20 seconds or less or the processing will end in an error. Limiting HTTP requests is the best way to keep within this time limit.
Each execution of a flow must complete in 20 seconds or less or the processing will end in an error. Limiting long-running processes, like outbound HTTP requests without a timeout, is necessary to keep within this time limit. An Action that redirects users to an external page has a separate timeout before the redirect and after.
Calls made to the Auth0 Management API and User Metadata updates are rate limited.
Each Action may have a maximum of 10
npm
modules.Each tenant may have a maximum of 100 Actions (including both deployed and undeployed). When an Action is deleted, it no longer counts toward the limit.
Each Action may have a maximum of 50 associated versions (both draft and active). Once the limit is reached, every additional version that is added will result in the oldest version being deleted.
Each flow may have a maximum of 20 active bound Actions.
Each Action may have a maximum of 30 secrets.
Each secret key may have a maximum length of 128 characters, and each secret value may have a maximum length of 2048 characters.
A maximum of 256 characters may be persistently stored for
console.log()
outputs for each Action.Each session may have a maximum of 32kB each of user metadata persistence and 32kB of app metadata persistence.
Execution logs are retained for 10 days.
HTTP calls to external services originate from these IP addresses.
We do not support Typescript in actions. Source files must be written in JavaScript before being deployed.
A new
event.request
object is issued anytime an Action flow is suspended and then subsequently resumed (for example, due to a redirect or MFA challenge).
Cached data:
Cached items persist for a maximum of 24 hours.
A maximum of 20 entries can be cached per Trigger.
Cache keys have a maximum size of 64 bytes and values have a maximum size of 4kB.
The cumulative size of cached keys and their values must not exceed 8kB.
Actions that perform an Execution that yields back (such as a redirect) may result in subsequent actions being scheduled on a separate instance with a different cache state. This can result in cached data being inconsistent from one Action to the next.
SAML attributes:
A maximum of 100 SAML attributes can be changed or added by Actions.
SAML attribute names have a maximum size of 1kB.
SAML values have a maximum size of 2kB.
The total SAML assertions have a maximum size of 10kB.
SAML configuration:
audience
has a maximum size of 2kBrecipient
has a maximum size of 2kBdestination
has a maximum size of 2kBnameIdentifierFormat
has a maximum size of 0.5kBnameIdentifierProbes
has a maximum of 10 probes with a maximum size of 0.5kB eachauthnContextClassRef
has a maximum size of 0.5kBsigningCert
has a maximum size of 4kBencryptionCert
has a maximum size of 4kBencryptionPublicKey
has a maximum size of 4kBcert
has a maximum size of 4kBkey
has a maximum size of 4kB
Account Linking (setPrimaryUser):
primary_user_id
is limited to 128 characterssetPrimaryUser
can be called once per transactionAny userMetadata set in the same Action as
setPrimaryUser
is discarded and will be lost. Subsequent Actions within the same transaction will retain userMetadata on the new primary user.setPrimaryUser
can not be used in the same transaction where a Rule setscontext.primaryUser.
Actions does not currently support:
Retrieving External IdP tokens from the Identities array