auth0 · daniloasis-auth0 · Nov 27, 2025 · Jan 20, 2026
@@ -216,7 +216,7 @@ In your `tsconfig.json`, define any development dependencies to have intelliSens
 </Tab>
 </Tabs>
 
-#### Post-Login access control and ID token custom claims
+### Post-Login access control and ID token custom claims
 
 The following example Action would execute during the Post-Login flow. It checks if the user has roles assigned, and calls `api.access.deny()` if none are found. If roles are present, it proceeds to set the custom claim on the ID token.
 

@@ -181,7 +181,7 @@ Challenge the user with one or more specified multifactor authentication factors
 <td><code>factor</code></td>
 <td>
 <p>
-<em>Object</em>. An object containing the <code>type</code> field. <code>type</code> is a string used to specify the default MFA factor or factors used to challenge the user. 
+<em>Object</em>. An object containing the <code>type</code> field. <code>type</code> is a string used to specify the default MFA factor or factors used to challenge the user.
           </p>
 <p>Supported values include:</p>
 <ul>
@@ -203,9 +203,9 @@ Challenge the user with one or more specified multifactor authentication factors
 </ul>
 <p>Example</p>
 ```js lines
-api.authentication.challengeWith({ 
-  type: 'phone', 
-  options: { preferredMethod: 'both'} 
+api.authentication.challengeWith({
+  type: 'phone',
+  options: { preferredMethod: 'both'}
 });
 ```
 </td>
@@ -254,7 +254,7 @@ Trigger an MFA challenge and allow the user to select their preferred factor fro
 <td><code>factors</code></td>
 <td>
 <p>
-<em>Array</em>. An array of objects that includes the <code> type</code> field. <code> type</code> is a string used to specify an MFA factor the user can choose from when challenged. 
+<em>Array</em>. An array of objects that includes the <code> type</code> field. <code> type</code> is a string used to specify an MFA factor the user can choose from when challenged.
           </p>
 <p>Supported values include:</p>
 <ul>
@@ -296,7 +296,7 @@ Prompt the user to enroll with a specific MFA factor. This method prompts the us
 <td><code>factor</code></td>
 <td>
 <p>
-<em>Object</em>. An object containing the <code>type</code> field. <code>type</code> is a string used to specify the default MFA factor the user is prompted to enroll. 
+<em>Object</em>. An object containing the <code>type</code> field. <code>type</code> is a string used to specify the default MFA factor the user is prompted to enroll.
           </p>
 <p>Supported values include:</p>
 <ul>
@@ -371,7 +371,7 @@ Prompt the user to select an MFA factor to enroll in from the supplied list. Thi
 <td><code>factors</code></td>
 <td>
 <p>
-<em>Array</em>. An array of objects that includes the <code> type</code> field. <code> type</code> is a string used to specify the default MFA factor the user is prompted to enroll. 
+<em>Array</em>. An array of objects that includes the <code> type</code> field. <code> type</code> is a string used to specify the default MFA factor the user is prompted to enroll.
           </p>
 <p>Supported values include:</p>
 <ul>
@@ -882,7 +882,7 @@ Returns a reference to the `api` object.
 <td><code>absolute</code></td>
 <td>
 <p>
-<em>Number</em>. The absolute expiry time in milliseconds since the unix epoch. 
+<em>Number</em>. The absolute expiry time in milliseconds since the unix epoch.
         </p>
 </td>
 </tr>
@@ -1604,7 +1604,7 @@ Returns a reference to the `api` object.
           </p>
 <p>Example</p>
 ```js lines
-api.session.revoke('reason', 
+api.session.revoke('reason',
              {'preserveRefreshTokens':true} );
 ```
 </td>
@@ -1717,7 +1717,7 @@ Sets a key-value pair in the metadata object of the current session. Setting the
         <td><code>value</code></td>
         <td>
           <p>
-            <em>String</em>. The value of the metadata property. No special and a maximum of 256 characters. Set to <code>null</code> removes the metadata property. 
+            <em>String</em>. The value of the metadata property. No special and a maximum of 256 characters. Set to <code>null</code> removes the metadata property.
           </p>
         </td>
       </tr>
@@ -1727,7 +1727,7 @@ Sets a key-value pair in the metadata object of the current session. Setting the
 ### `api.session.deleteMetadata(key) [Private Early Access]`
 
 Sets a key-value pair in the metadata object of the current session. Setting the value to `null` will delete the provided metadata key.
-  
+
   <table class="table">
     <thead>
       <tr>
@@ -1751,15 +1751,15 @@ Sets a key-value pair in the metadata object of the current session. Setting the
 
 Deletes all keys from the metadata object of the current session.
 
-## `api.transaction [Early Access]`
+## `api.transaction`
+
+### `api.transaction.setMetadata(name, value)`
 
-### `api.transaction.setMetadata(name, value) [Early Access]`
+Store or update shared data across custom Actions for the duration of a transaction.
+Transaction metadata allows you to share data between multiple Actions within the same authentication flow. Data stored using this method is available in the `event.transaction.metadata` object in the current and subsequent Actions and persists throughout the entire transaction lifecycle.
+
+They are subject to Transaction Metadata Limits. To learn more, read [Actions Limitations](/docs/customize/actions/limitations) .
 
-Store or update shared data across custom Actions for the duration of a transaction.  
-Transaction metadata allows you to share data between multiple Actions within the same authentication flow. Data stored using this method is available in the `event.transaction.metadata` object in the current and subsequent Actions and persists throughout the entire transaction lifecycle.  
-
-They are subject to Transaction Metadata Limits. To learn more, read [Actions Limitations](/docs/customize/actions/limitations) .   
-
 **NOTE:** Transaction metadata is only available during the current authentication transaction and is not persisted beyond the completion of the authentication flow. This feature is only currently available on `post-login` Actions.
 
 <table class="table">
@@ -1802,8 +1802,8 @@ once before the flow is completed**.*
 ### `api.user.setAppMetadata(name, value)`
 
 Set application metadata for the user that is logging in. Data stored within
-app_metadata is not editable by the user.   
-  
+app_metadata is not editable by the user.
+
  Note: This trigger makes a call to the Management API, consuming the Management API rate limit. If this request hits the rate limit and fails to retry within the timeout window, you will receive a `Deadline Exceeded` error.
 
 Returns a reference to the `api` object.
@@ -1836,8 +1836,8 @@ Returns a reference to the `api` object.
 
 ### `api.user.setUserMetadata(name, value)`
 
-Set general metadata for the user that is logging in.   
-  
+Set general metadata for the user that is logging in.
+
  Note: This trigger makes a call to the Management API, consuming the Management API rate limit. If this request hits the rate limit and fails to retry within the timeout window, you will receive a `Deadline Exceeded` error.
 
 Returns a reference to the `api` object.

@@ -12,7 +12,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
     </tr>
   </thead>
   <tbody>
-    
+
     <tr>
       <td>
         <code>event.authentication</code><br/>
@@ -284,7 +284,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.authorization</code><br/>
@@ -299,7 +299,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td><code>event.client</code></td>
       <td>
@@ -330,7 +330,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td><code>event.connection</code></td>
       <td>
@@ -365,7 +365,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
         </ul>
       </td>
     </tr>
-    
+
     <tr>
       <td>
         <code>event.organization</code><br/>
@@ -386,7 +386,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.prompt</code><br/>
@@ -403,7 +403,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.refresh_token</code><br/>
@@ -457,7 +457,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td><code>event.request</code></td>
       <td>
@@ -491,7 +491,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.resource_server</code><br/>
@@ -506,7 +506,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.security_context</code><br/>
@@ -522,7 +522,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.session</code><br/>
@@ -577,7 +577,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.session_transfer_token</code><br/>
@@ -617,7 +617,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td><code>event.stats</code></td>
       <td>
@@ -629,7 +629,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td><code>event.tenant</code></td>
       <td>
@@ -641,7 +641,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td>
         <code>event.transaction</code><br/>
@@ -657,7 +657,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
           <li><code>locale</code> <em>Optional string</em> — Locale chosen for this transaction.</li>
           <li><code>login_hint</code> <em>Optional string</em> — Hint about the login identifier the end user might use.</li>
           <li>
-            <code>metadata</code> <em>Dictionary</em> — [Limited Early Access] Shared data across custom Actions for the duration of a transaction.<br/>
+            <code>metadata</code> <em>Dictionary</em> — Shared data across custom Actions for the duration of a transaction.<br/>
             Keys are <em>String</em>; values are one of: <em>String</em>, <em>Number</em>, <em>Boolean</em>
           </li>
           <li><code>prompt</code> <em>Optional array of strings</em> — Instructions for whether the user may be prompted for re-auth and consent.</li>
@@ -716,7 +716,7 @@ The `event` object for the post-login Actions trigger provides contextual inform
       </td>
     </tr>
 
-    
+
     <tr>
       <td><code>event.user</code></td>
       <td>

@@ -2,10 +2,6 @@
 description: Describes how to pass user or application metadata between login and post-login Actions.
 title: Actions Transaction Metadata
 ---
-<Warning>
-Actions Transaction Metadata  is currently available in Early Access. By using this feature, you agree to the applicable Free Trial terms in Okta’s [Master Subscription Agreement](https://www.okta.com/legal/). To learn more about Auth0’s release stages, read [Product Release Stages](/docs/troubleshoot/product-lifecycle/product-release-stages).
-</Warning>
-
 Actions Transaction Metadata stores, accesses, and/or shares, custom metadata within a [post-login](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger) Action for the duration of a transaction.
 
 Previously, each Action operated independently, making it difficult to pass information between them. With Actions Transaction Metadata, now it's possible to:
@@ -318,7 +314,7 @@ Redirects to an external site sending a token with the `custom_tx_id` from the t
 exports.onExecutePostLogin = async (event, api) => {
   const token = api.redirect.encodeToken({
     secret: event.secrets.REDIRECT_SECRET,
-    expiresInSeconds: 60, 
+    expiresInSeconds: 60,
     payload: {
       custom_tx_id: event.transaction?.metadata?.custom_tx_id,
       continue_uri: `https://${event.secrets.TENANT_DOMAIN}/continue`
-Original file line number
+Diff line change
@@ Expand Up @@
     </Tab>
     </Tabs>
-    #### Post-Login access control and ID token custom claims
+    ### Post-Login access control and ID token custom claims
     The following example Action would execute during the Post-Login flow. It checks if the user has roles assigned, and calls `api.access.deny()` if none are found. If roles are present, it proceeds to set the custom claim on the ID token.
@@ Expand Down @@