User metadata hidden from user

Is it possible to store user metadata only accessible to Netlify Functions? That is, not included in app_metadata or user_metadata sent to client upon login.

You can store anything you like in a function - we don’t allow “download” of that source code by visitors, so it is a safe place to store sensitive data. Not sure what your data source is, but you could hardcode it directly (for instance: https://github.com/depadiernos/token-hider-inator), or you could make an API call from your function to retrieve e.g. a userID from a server of yours, based on something about the visit (e.g. a cookie set).

1 Like

Thanks,

My data source is FaunaDB. The function I’m setting up is serving as a graphql endpoint using schema stitching that forwards some requests to FaunaDB.

The information I would like to keep track of is the individual users FaunaDB access tokens. In theory there could be thousands of those. But since functions are supposed to be stateless (right?), storing that data at the function level is probably not a good idea. Unless there is some sort of session storage available to functions?

Yea, you won’t want to store a large number of data in a lambda function nor is there any session storage. What you’ll probably want to do is store it your information in your database and using a lambda function as a ‘go-between’ to access that database. This ‘go-between’ approach is just so you don’t have any API keys in your client-side code.

Let me know if that makes sense.