releases.shpreview
Auth0/Auth0 Changelog/Refresh Token Metadata now available in Early Access

Refresh Token Metadata now available in Early Access

February 6, 2026Auth0 Changelog
$npx -y @buildinternet/releases show rel_IczDSm1QWAvcCcUZkUGBr

We're excited to announce that Refresh Token Metadata is now available in Early Access for Enterprise customers.

Refresh Token Metadata allows you to attach custom key-value pairs to refresh tokens, enabling richer context storage and more personalized authentication experiences.

What's New

Store Custom Data on Refresh Tokens

You can now attach up to 25 custom key-value pairs to each refresh token. This metadata persists throughout the token's lifecycle and can be accessed or modified via the Management API.

// In Post-Login Action
exports.onExecutePostLogin = async (event, api) => {
  api.refreshToken.setMetadata('deviceName', event.request.user_agent);
  api.refreshToken.setMetadata('loginRegion', event.request.geoip?.countryCode);
  api.refreshToken.setMetadata('orgContext', event.organization?.id);
};

Management API Support

Access and manage refresh token metadata programmatically:

  • GET /api/v2/refresh-tokens/{id} - Retrieve token with metadata
  • PATCH /api/v2/refresh-tokens/{id} - Update token metadata
  • DELETE /api/v2/refresh-tokens/{id} - Revoke token

Learn more about Refresh Token Metadata in our documentation

Fetched April 15, 2026