Skip to main content
Session Metadata is currently in Early Access for Enterprise customers only. By using this feature, you agree to the applicable Free Trial terms in Okta’s Master Subscription Agreement. To learn more about Auth0’s product release cycle, read Product Release Stages.
Session metadata allows the storage of customizable keys and values (maximum 255 characters each) in an Auth0 user session. Use cases for session metadata include:
  • Track device information, such as device name or login location
  • Store session-level flags, for example, user_accepted_terms
  • Share state between multiple Actions in the same flow
  • Drive conditional logic for logout or token issuance
You can use session metadata information downstream systems such as audit, analytics, and revocation pipelines that may need to be aware of a user’s organization data. To learn more, read Use case: Organization Information in Session Metadata. You can access and modify session metadata during a session’s lifecycle using Auth0 Actions and the Management API. In addition, you can include session metadata in the OpenID Connect Back-Channel Logout token. To learn more, read how to Configure Session Metadata.

Limitations

  • Session metadata is available only when created in a browser-based session
  • Auth0 does not support session metadata with the following:
    • Resource Owner Password Flow
    • Native Passkeys
    • Native Social Logins such as Sign in with Apple, Google, or Facebook
I