After you have set up your user profiles, Auth0 can help you define custom user data using the metadata within the user profiles.
There are two kinds of metadata in Auth0:
user_metadata: stores user attributes (such as preferences) that do not impact users' core functionality. An authenticated user can modify this type of data.
app_metadata: stores information (such as users' support plans, security roles, and access control groups) that can impact users' core functionality, for example, how an application functions or what the user can access. A user cannot modify this type of data.
For example, suppose the following metadata is stored for a user with the email address jane.doe@example.com:
{
  "email": "jane.doe@example.com",
  "user_metadata": {
    "hobby": "surfing"
  },
  "app_metadata": {
    "plan": "full"
  }
}
To read metadata, simply access the correct property as you would from any JSON object. For example, if you were working with the above example metadata within a Rule or via a call to the Management API, you could reference specific items from the data set as follows:
console.log(user.email); // "jane.doe@example.com"
console.log(user.user_metadata.hobby); // "surfing"
console.log(user.app_metadata.plan); // "full"
There are a few different ways you can customize the user metadata:
Use Rules, which execute after a user has been authenticated, to augment the user profile during the authentication transaction, and optionally persist those changes back to Auth0.
Use the GET /userinfo endpoint to get a user's user_metadata; however, you must first write a Rule to copy metadata properties to the ID Token.
If you have a database connection, use the Authentication API with the Signup endpoint to set the user_metadata for a user. For an example, refer to Custom Signup > Using the API.
You can use the Management API to create, retrieve, or update both the user_metadata and app_metadata fields.
After you have customized the user metadata, you can manage and store data related to each of your users that doesn't originate from identity providers in the Auth0 data store or your own custom database.
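The Rule that copies metadata properties to the ID Token, sketched here as an added example (not Auth0's own code). It takes access-related claims only from app_metadata, because user_metadata can be modified by the user. The claim namespace, the allow-listed keys and the names addMetadataToIdToken, copyAllowed and demo are assumptions made for illustration.

```javascript
// Added example with the (user, context, callback) shape of an Auth0 Rule,
// written as a named function so it can also be exercised locally.
// Assumption: NAMESPACE and the allow-listed keys are placeholders.
const NAMESPACE = 'https://example.com/claims/';

// user_metadata is editable by the user, so only preference-type keys are copied.
const USER_METADATA_ALLOWLIST = ['hobby'];
// app_metadata is not user-editable, so it is the only source for access claims.
const APP_METADATA_ALLOWLIST = ['plan'];

function copyAllowed(source, keys) {
  const out = {};
  for (const key of keys) {
    // hasOwnProperty avoids picking up inherited properties.
    if (source && Object.prototype.hasOwnProperty.call(source, key)) {
      out[key] = source[key];
    }
  }
  return out;
}

function addMetadataToIdToken(user, context, callback) {
  context.idToken = context.idToken || {};
  const prefs = copyAllowed(user.user_metadata, USER_METADATA_ALLOWLIST);
  const access = copyAllowed(user.app_metadata, APP_METADATA_ALLOWLIST);
  context.idToken[NAMESPACE + 'user_metadata'] = prefs;
  context.idToken[NAMESPACE + 'app_metadata'] = access;
  callback(null, user, context);
}

// Constructed sample: the user has written a "plan" key into user_metadata.
function demo() {
  const user = {
    email: 'jane.doe@example.com',
    user_metadata: { hobby: 'surfing', plan: 'enterprise' },
    app_metadata: { plan: 'full' }
  };
  let result;
  addMetadataToIdToken(user, { idToken: {} }, (err, u, ctx) => { result = ctx.idToken; });
  return result;
}

console.log(JSON.stringify(demo(), null, 2));
```

An application reading these claims should base plan or role checks on the app_metadata claim only; the user-supplied "plan" key in the sample never reaches the token.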