Auth0 provides a comprehensive system for storing metadata in the Auth0 user profile. You can use metadata to do the following activities:

• Store application-specific data in the user profile.

• Record whether or not specific operations have occurred for a user.

• Cache the results of expensive operations on the user profile so they can be re-used in future logins.

• Store information that does not originate from an identity provider or that overrides what an identity provider supplies.

The metadata can be modified as part of a user’s login flow.

You can configure connection sync so that user root attributes are updated by the identity provider only on user profile creation. You can then edit root attributes individually or by bulk import. To learn more, read Configure Identify Provider Connection for User Profiles Updates.

Auth0 uses three types of metadata to store specific kinds of information.

You can create and update metadata using Rules, the Authentication API, the Management API, the Auth0 Dashboard, and the Lock library.

It is not recommended that app_metadata or user_metadata be returned by

• custom DB scripts

• the fetchUserProfile script of custom social connections

Rules are JavaScript functions executed as part of the Auth0 authentication process (prior to authorization). Using rules, you can read, create, or update user metadata and have such changes affect the results of the authorization process.

To learn more, read Manage Metadata with Rules.

You can also use the GET /userinfo endpoint to get a user's user_metadata, however, you must first write a Rule to copy user_metadata properties to the ID token.

Use the following Management API endpoints to view, create, update, and delete user_metadata and app_metadata.

An access token is required to call the Auth0 Management API. To learn more, read Access Tokens for the Management API and Get Management API Tokens for SPAs.

Use the Auth0 Dashboard to configure application metadata which contains key/value pairs. To learn more, read Configure Application Metadata.

Use the Lock library to define, add, read, and update user_metadata. Read user_metadata properties the same way you would read any other user profile property. For example, the following code snippet retrieves the value associated with user_metadata.hobby and assigns it to an element on the page:

// Use the accessToken acquired upon authentication to call getUserInfo
lock.getUserInfo(accessToken, function(error, profile) {
  if (!error) {
    document.getElementById('hobby').textContent = profile.user_metadata.hobby;
  }
});

You can use additionalSignUpFields to add custom fields to user sign-up forms. When a user adds data in a custom field, Auth0 stores entered values in that user's user_metadata. To learn more about adding user_metadata on signup, read Additional Signup Fields.

If you have a custom database connection, you can use the Authentication API /dbconnections/signup endpoint to set the user_metadata for a user. To learn more about working with metadata during a custom signup process, read Custom Signup.

When you set the user_metadata field using the Authentication API /dbconnections/signup endpoint, you are limited to a maximum of 10 string fields and 500 characters.

Use metadata to store information that you want to use to customize Auth0 emails. For example, use user_metadata.lang if you want the user to be able to change the field's value, then use the information to customize the language for an email. To learn more, read Customize Email Templates.

• Metadata Field Names and Data Types
• Manage Metadata with Rules
• Manage Metadata Using the Management API
• Manage Metadata with Lock
• Configure Application Metadata
• Manage User Metadata with the post-login Action Trigger