Skip to main content
Session metadata makes the user context data portable and visible across the session lifecycle and in logout events. Downstream systems can use session metadata information to conduct audits, perform analytics, and apply revocation pipelines, among other uses.
Auth0 Session Metadata is not a secure data store and should not be used to store sensitive information. This includes secrets and high-risk PII like social security numbers or credit card numbers, etc. Auth0 customers are strongly encouraged to evaluate the data stored in metadata and only store that which is necessary for identity and access management purposes. To learn more, read Auth0 General Data Protection Regulation Compliance.

Add organization information to session metadata

You can use Actions to store the organization’s identifiers in a session with the post-login api.session.setMetadata() method and query it with the event.session.metadata object. Post-Login Action code:
The session metadata is available for subsequent Actions, retrievable via the Management API and can be included in the OpenID Connect Back-Channel Logout token.
  • In subsequent Actions, you can query the data via the event.session.metadata object:
  • If you use the Management API, you can query the data via the /api/v2/sessions/ endpoint:
Sample response:
Calls to the /api/v2/sessions/{id} endpoint require a Management API access token with the update:session scope.