Reputation: 21
Is there a way to attach some data to a user after he has logged in? I want to implement it somewhere after he presses log in, and according to his credentials (email) it will find the data applicable to this user and pass it to me inside the user object. Right now the user object holds: email, email_verified, family_name, given_name, locale, name, nickname, picture, sub. How can I add to this object? Thanks in advance!
Upvotes: 0
Views: 60
Reputation: 21
Answer I got from Auth0 support:

Hey,
Warning: Auth0 does not recommend putting Management API Tokens on the frontend that allow users to change user metadata. This can allow users to manipulate their own metadata in a way that could be detrimental to the functioning of the applications. It also allows a customer to do a DoS attack against someone’s management API by just spamming it and hitting rate limits.
Now, to answer your question: yes, you can hit Management API endpoints from a SPA application. However, since single-page applications (SPAs) are public clients and cannot securely store sensitive information (such as a Client Secret), they must retrieve Management API Tokens from the frontend, unlike other application types. This means that Management API Tokens for SPAs have certain limitations. Specifically, they are issued in the context of the user who is currently signed in to Auth0, which limits updates to only the logged-in user’s data. Although this restricts the use of the Management API, it can still be used to perform actions related to updating the logged-in user’s user profile.
With a Management API Token issued for a SPA, you can access the following scopes (and hence endpoints):
Source: Get Management API Access Tokens for Single-Page Applications
Upvotes: 1
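The limitation described in the answer above (a SPA-issued Management API token only covers the logged-in user), as an added example that is not part of the original post or Auth0's own code. The tenant domain, user ids and sample token are constructed, the function names are hypothetical, and the `update:current_user_metadata` scope and `PATCH /api/v2/users/{id}` endpoint are taken from Auth0's Management API rather than from the post.

```javascript
// Added example; tenant domain, user ids and the sample token are constructed.
const TENANT_DOMAIN = "tenant.example"; // placeholder for your Auth0 domain

// Decode a JWT payload for inspection only. No signature check happens here;
// the Management API validates the token when the request arrives.
function decodeJwtPayload(token) {
  const part = token.split(".")[1];
  if (!part) throw new Error("not a JWT");
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Build the PATCH request that updates user_metadata, refusing early when the
// token could not be used for it. The logged-in user holds this token and can
// send any user_metadata they like, which is the risk the support warning describes.
function buildMetadataUpdate(token, targetUserId, metadata, nowSec = Date.now() / 1000) {
  const claims = decodeJwtPayload(token);
  const audiences = [].concat(claims.aud || []);
  const scopes = (claims.scope || "").split(" ");
  if (!audiences.includes(`https://${TENANT_DOMAIN}/api/v2/`))
    throw new Error("token audience is not the Management API");
  if (!scopes.includes("update:current_user_metadata"))
    throw new Error("token lacks update:current_user_metadata");
  if (claims.exp <= nowSec) throw new Error("token expired");
  if (claims.sub !== targetUserId)
    throw new Error("SPA-issued tokens only cover the logged-in user");
  return {
    url: `https://${TENANT_DOMAIN}/api/v2/users/${encodeURIComponent(targetUserId)}`,
    options: {
      method: "PATCH",
      headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
      body: JSON.stringify({ user_metadata: metadata }),
    },
  };
}

// Constructed sample token standing in for what the SPA would receive.
function makeSampleToken(claims) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
const SAMPLE_TOKEN = makeSampleToken({
  sub: "auth0|constructed-user-1",
  aud: [`https://${TENANT_DOMAIN}/api/v2/`],
  scope: "read:current_user update:current_user_metadata",
  exp: 4102444800, // constructed expiry: 2100-01-01
});
```

The returned `url` and `options` can be passed straight to `fetch(url, options)` once a real token is substituted for the sample.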