Actions Triggers: post-login - API Object

The API object for the post-login Actions trigger includes:

api.access

Modify the access of the user that is logging in, such as rejecting the login attempt.

api.access.deny(reason)

Mark the current login attempt as denied. This will prevent the end-user from completing the login flow. This will NOT cancel other user-related side-effects (such as metadata changes) requested by this Action. The login flow will immediately stop following the completion of this action and no further Actions will be executed.

Returns a reference to the api object.

Parameter Description
reason

String. A human-readable explanation for rejecting the login. This may be presented directly in end-user interfaces.

api.accessToken

Request changes to the access token being issued.

api.accessToken.setCustomClaim(name, value)

Set a custom claim on the Access Token that will be issed upon completion of the login flow.

Returns a reference to the api object.

Parameter Description
name

String. Name of the claim (note that this may need to be a fully-qualified url).

value

Any value. The value of the claim.

api.idToken

Request changes to the ID token being issued.

api.idToken.setCustomClaim(name, value)

Set a custom claim on the ID token that will be issed upon completion of the login flow.

Returns a reference to the api object.

Parameter Description
name

String. Name of the claim (note that this may need to be a fully-qualified url).

value

Any value. The value of the claim.

api.multifactor

Set or remove the requirement for multifactor authentication on the login attempt.

api.multifactor.enable(provider, options)

Enable multifactor authentication for this login flow. When enabled, users must complete the configured multifactor challenge. The actual multifactor challenge will be deferred to the end of the login flow.

Returns a reference to the api object.

Parameter Description
provider

String. The name of the multifactor provider to use or the value "any" to use any of the configured providers.

Supported values include:

  • any Use any of the configured challenges.
  • duo Use the Duo mutlifactor provider.
  • google-authenticator Use the Google Authenticator provider.
  • guardian Use the Guardian provider.
options

Optional object. Additional options for enabling multifactor challenges.

Supported options include:

  • allowRememberBrowser Optional boolean. Determines if browser should be remembered such that the multifactor challenge can later be skipped. Defaults to true.

api.user

Make changes to the metadata of the user that is logging in.

api.user.setUserMetadata(name, value)

Set metadata for the user that is logging in. Data stored within user_metadata is visible and editable by the user.

Returns a reference to the api object.

Parameter Description
name

String. The name of metadata property.

value

Any value. The value of the metadata property. This may be set to `null` to remove the metadata property.

api.user.setAppMetadata(name, value)

Set application metadata for the user that is logging in. Data stored within app_metadata is not visible or editable by the user.

Returns a reference to the api object.

Parameter Description
name

String. The name of metadata property.

value

Any value. The value of the metadata property. This may be set to `null` to remove the metadata property.