Social identities
identities contains the user info retrieved from social sign-in (i.e., sign-in with a social connector). Each user's identities is stored in an individual JSON object.
The user info varies by social identity provider (i.e., social network platform), and it typically includes the following:
ProviderName of the identity provider, such as "facebook", "google", or "wechat"
User's unique identifier for this provider
User's name
User's verified email
User's avatar
The user's account may be linked to multiple social identity providers via social sign-in; the corresponding user info retrieved from these providers will be stored in the identities object.
Sample identities from a user who signed in with both WeChat and Facebook:
INFO
The identities can NOT be updated using "Admin Console" or "Management API".
Every time the user signs in with a social connector, their identities will be automatically imported or updated from the identity provider.
Custom Fields
custom_fields stores additional user info not listed in the pre-defined user properties.
You can use custom_data to do the following things:
Record whether specific actions have been done by the user, such as having seen the welcome page.
Store application-specific data in the user profile, such as the user's preferred language and appearance per application.
Maintain other arbitrary data related to the user.
Sample custom_data from an admin user in Auth:
Each user's custom_field is stored in an individual JSON object.
DO NOT PUT SENSITIVE DATA IN CUSTOM_DATA
You may fetch a user profile containing custom_field using Management API and send it to the frontend apps or external backend services. Therefore, putting the sensitive information in custom_field may cause data leaks.
If you still want to put the sensitive information in custom_field, we recommend encrypting it first. Only encrypt/decrypt it in a trusted party like your backend services, and avoid doing it in the frontend apps. These will minimize the loss if your users' custom_field is leaked by mistake.
You can update the user's custom_data using Admin Console or Management API,
UPDATE CAREFULLY
Updating a user's custom_field will completely overwrite its original content in the storage.
For example, if your input of calling update custom_field API looks like this (suppose that the original custom_field is previous shown sample data):
That is, the updated field value has nothing to do with the previous value.
Last updated