# Social identities *identities* contains the user info retrieved from social sign-in (i.e., sign-in with a social connector). Each user's *identities* is stored in an individual JSON object. The user info varies by social identity provider (i.e., social network platform), and it typically includes the following: * *ProviderName* of the identity provider, such as "facebook", "google", or "wechat" * User's unique identifier for this provider * User's name * User's verified email * User's avatar The user's account may be linked to multiple social identity providers via social sign-in; the corresponding user info retrieved from these providers will be stored in the *identities* object. Sample *identities* from a user who signed in with both WeChat and Facebook: ``` { "provider_type": "social", "provider_name": "FACEBOOK", "social_identity_ref": "", "username": "" }, { "provider_type": "social", "provider_name": "WECHAT", "social_identity_ref": "", "username": "" } ``` {% hint style="info" %} INFO The *identities* can NOT be updated using "Admin Console" or "Management API". {% endhint %} Every time the user signs in with a social connector, their *identities* will be automatically imported or updated from the identity provider. ## **Custom Fields** *custom\_fields* stores additional user info not listed in the pre-defined user properties. You can use *custom\_data* to do the following things: * Record whether specific actions have been done by the user, such as having seen the welcome page. * Store application-specific data in the user profile, such as the user's preferred language and appearance per application. * Maintain other arbitrary data related to the user. Sample *custom\_data* from an admin user in Auth: ``` { "customDataFoo": { "foo": "foo" }, "customDataBar": { "bar": "bar" } } ``` Each user's *custom\_field* is stored in an individual JSON object. **DO NOT PUT SENSITIVE DATA IN *****CUSTOM\_DATA*** You may fetch a user profile containing *custom\_field* using Management API and send it to the frontend apps or external backend services. Therefore, putting the sensitive information in *custom\_field* may cause data leaks. If you still want to put the sensitive information in *custom\_field*, we recommend encrypting it first. Only encrypt/decrypt it in a trusted party like your backend services, and avoid doing it in the frontend apps. These will minimize the loss if your users' *custom\_field* is leaked by mistake. You can update the user's *custom\_data* using Admin Console or Management API, **UPDATE CAREFULLY** Updating a user's *custom\_field* will completely overwrite its original content in the storage. For example, if your input of calling update *custom\_field* API looks like this (suppose that the original *custom\_field* is previous shown sample data): ``` { "customDataBaz": { "baz": "baz" } } then new custom_data value after updating should be: { "customDataBaz": { "baz": "baz" } } ``` That is, the updated field value has nothing to do with the previous value.