Learn how to use Auth0 session and refresh token metadata to track device context, improve security, and implement contextual identity management.

Auth0's platform is a  identity management solution, offering insights into authentication, authorization, and user management for web and mobile applications. Through articles, tutorials, and documentation, Auth0 offers insights into securing applications with modern identity protocols like OAuth and OpenID Connect. Developers can learn about implementing single sign-on (SSO), multi-factor authentication (MFA), and user authorization policies to enhance application security and user experience.

Auth0

Auth0 session and refresh token metadata provide a way to attach ephemeral, instance-specific key-value pairs to authentication artifacts without polluting the global user profile. Session metadata suits browser-based SSO flows and supports use cases like TLS/JA3/JA4 device fingerprinting and real-time risk flagging via the Management API. Refresh token metadata is better suited for native and mobile apps, enabling persistent context like referral attribution, language preferences, and friendly device names across token rotations. Both can be set via Post-Login Actions or updated out-of-band through the Management API. The guide also covers what not to store (secrets, PII, large objects) and how to choose between transaction, session, refresh token, and user profile metadata depending on data lifetime and scope. This feature is available on Auth0 Enterprise Plans.

A Guide to Auth0 Session and Refresh Token Metadata

Implementing Session Metadata for Web Applications

Leveraging Refresh Token Metadata for Native and Mobile Apps

Ready to Build? Here Is Your Get-Started Checklist