Actions Limitations

Actions Limitations

Actions is not available on Private Cloud.

The following limitations exist when using Actions:

  • Each Action should not exceed 100 kB. The larger the size, the more latency is introduced, which may have an impact on the performance of your system. This size limit limit does not include any npm modules that may be referenced as part of any require statements.

  • Each execution of a flow must complete in 10 seconds or less or the processing will end in an error. Limiting HTTP requests is the best way to keep within this time limit. Actions that are not limited by this time limit while on the external page.

  • Each execution of a flow must complete in 10 seconds or less or the processing will end in an error. Limiting long-running processes, like outbound HTTP requests without a timeout, is necessary to keep within this time limit. An Action that redirects users to an external page has a separate timeout before the redirect and after.

  • Calls made to the Auth0 Management API and User Metadata updates are rate limited.

  • Each Action may have a maximum of 10 npm modules.

  • Each tenant may have a maximum of 100 Actions (including both deployed and undeployed). When an Action is deleted, it no longer counts toward the limit.

  • Each Action may have a maximum of 50 associated versions (both draft and active). Once the limit is reached, every additional version that is added will result in the oldest version being deleted.

  • Each flow may have a maximum of 20 active bound Actions.

  • Each secret key may have a maximum length of 128 characters, and each secret value may have a maximum length of 2048 characters.

  • A maximum of 256 characters may be persistently stored for console.log() outputs for each Action.

  • Each session may have a maximum of 4kB each of user metadata persistence and 4kB of app metadata persistence.

  • Execution logs are retained for 10 days.

  • HTTP calls to external services originate from these IP addresses

Actions does not currently support:

  • Altering access token scopes

  • Altering SAML response mapping

  • Caching

  • Account linking

  • Top-level event.user attributes added by an external IdP or custom database script

Learn more