Custom User Data

Stack Auth allows storing additional user information through three types of metadata fields:

1. clientMetadata: Readable and writable on the client-side.
2. serverMetadata: Readable and writable only on the server-side.
3. clientReadOnlyMetadata: Readable on the client-side, writable only on the server-side.

Client-side metadata

You can use the clientMetadata field to store non-sensitive information that both the client and server can read and write.

1
await user.update({
2
  clientMetadata: {
3
    mailingAddress: "123 Main St",
4
  },
5
});
6
7
// On the client:
8
const user = useUser();
9
console.log(user.clientMetadata);

Server-side metadata

For sensitive information, use the serverMetadata field. This ensures the data is only accessible and modifiable by the server.

1
const user = await stackServerApp.getUser();
2
await user.update({
3
  serverMetadata: {
4
    secretInfo: "This is a secret",
5
  },
6
});
7
8
// To read:
9
const user = await stackServerApp.getUser();
10
console.log(user.serverMetadata);

Client read-only metadata

Use clientReadOnlyMetadata for data that clients need to read but should not modify, such as subscription status.

1
// On the server:
2
const user = await stackServerApp.getUser();
3
await user.update({
4
  clientReadOnlyMetadata: {
5
    subscriptionPlan: "premium",
6
  },
7
});
8
9
// On the client:
10
const user = useUser();
11
console.log(user.clientReadOnlyMetadata);