June 10, 2025

User Metadata

Hanko now supports user metadata that can be attached to user profiles and managed via the Admin API. Metadata is organized into three categories:

Private

Private metadata cannot be accessed via the public API and should be used for sensitive data that should not be exposed to the client (e.g., internal flags/IDs, configuration, or access control details).

Public

Public metadata can be read via the public API and should be used for non-sensitive information that you want accessible but not modifiable by the client (e.g., certain user roles, UI preferences, display options).

Unsafe

Unsafe metadata can be read and manipulated via the public API and should be used for non-sensitive, temporary or experimental data that doesn’t need strong safety guarantees.

Metadata can be accessed in session JWT templates to map metadata to claims in a session token.
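
As an added illustration (not Hanko's own code), the Go sketch below shows how a backend might treat the categories once they are mapped into session claims: access decisions read only the public-metadata claim, while the client-writable unsafe claim is limited to an allow-listed cosmetic value. The claim names public_md and unsafe_md, the role and theme keys, and the sample payload are assumptions made for this example, and the token's signature is assumed to have been verified already.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SessionClaims is the payload of a session JWT whose signature was already verified.
// "public_md" and "unsafe_md" are hypothetical claim names standing for whatever
// your JWT template maps public and unsafe metadata to.
type SessionClaims struct {
	Subject  string                 `json:"sub"`
	PublicMD map[string]interface{} `json:"public_md"`
	UnsafeMD map[string]interface{} `json:"unsafe_md"`
}

func ParseClaims(payload []byte) (SessionClaims, error) {
	var c SessionClaims
	err := json.Unmarshal(payload, &c)
	return c, err
}

// HasRole makes the access decision from public metadata only: the client can
// read it but not change it. Unsafe metadata is client-writable and is ignored.
func (c SessionClaims) HasRole(required string) bool {
	role, ok := c.PublicMD["role"].(string)
	return ok && role == required
}

// Theme is a reasonable use of unsafe metadata: a cosmetic preference, still
// checked against an allow-list because the client controls the value.
func (c SessionClaims) Theme() string {
	if t, ok := c.UnsafeMD["theme"].(string); ok && (t == "light" || t == "dark") {
		return t
	}
	return "light"
}

// Constructed sample: the client wrote role=admin into its own unsafe metadata.
const sampleClaims = `{"sub":"user-1","public_md":{"role":"member"},"unsafe_md":{"role":"admin","theme":"dark"}}`

func main() {
	c, err := ParseClaims([]byte(sampleClaims))
	if err != nil {
		panic(err)
	}
	fmt.Println(c.HasRole("admin"), c.HasRole("member"), c.Theme())
}
```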

See Metadata docs for full details and examples.