Manage User Metadata

Manage User Metadata

You can create and update metadata using Rules, the Authentication API, the Management API, and the Lock library.


Rules are JavaScript functions executed as part of the Auth0 authentication process (prior to authorization). Using rules, you can read, create, or update user metadata and have such changes affect the results of the authorization process.

For more information and examples, see User Metadata in Rules.

Authentication API

If you have a custom database connection, you can use the Authentication API Signup endpoint to set the user_metadata for a user. For an example of working with metadata during a custom signup process, see Custom Signup > Using the API.

When setting the user_metadata field using the Authentication API's Signup endpoint, you are limited to a maximum of 10 String fields and 500 characters.

You can also use the GET /userinfo endpoint to get a user's user_metadata, however you must first write a Rule to copy user_metadata properties to the ID Token.

Management API

Use the following Management API endpoints to view, create, update, and delete the user_metadata and app_metadata fields.

Task Endpoint Scope
View GET /api/v2/user/{id} read:current_user_metadata
Create PATCH /api/v2/users/{id} create:current_user_metadata
Update PATCH /api/v2/users/{id} update:current_user_metadata
Delete DELETE /api/v2/users/{id}/multifactor/{provider} delete:current_user_metadata

The Auth0 Management APIv2 token is required to call the Auth0 Management API. Learn more about Access Tokens for the Management API and Get Access Tokens for SPAs.

Lock library

You can define, add, read, and update the user_metadata using Auth0's Lock library. For information on adding user_metadata on signup, see Additional Signup Fields.

When using Lock, you can read the user's user_metadata properties the same way you would for any other user profile property. For example, the following code snippet retrieves the value associated with user_metadata.hobby and assigns it to an element on the page:

// Use the accessToken acquired upon authentication to call getUserInfo
lock.getUserInfo(accessToken, function(error, profile) {
  if (!error) {
    document.getElementById('hobby').textContent = profile.user_metadata.hobby;

Keep reading