An example of an Auth0 custom action that appends a tenantId to a user on login

Auth0CustomAction.js

/**
 * Handler that will be called during the execution of a PostLogin flow.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  const redirectURI = event.request.query.redirect_uri;
  const appMetadata = event.user.app_metadata;
  
  // Check if tenant_id already exists app_metadata object (function implementation omitted)
  const tenantIdExists = checkIfTenantIdAlreadyExists(appMetadata)
  if (tenantIdExists)
  {
    // If tenant_id exists, add app_metadata to access token and return
    api.accessToken.setCustomClaim("https://api.myapplicationdomain.com/tenant", appMetadata);
    return;
  }

  // Extract tenant name from the redirect URI (function implementation omitted)
  const tenantName = parseTenantName(redirectURI);

  // Retrieve the tenant_id from your remote DB (function implementation omitted)
  const tenantId = await getTenantId(tenantName)
  // If the tenant doesn't exist for whatever reason, deny access
  if (!tenantId)
  {
    api.access.deny(
      `Tenant with name ${tenantName} not found`
    );
  }

  // Set tenant_id in app_metadata, and then add to access token
  api.user.setAppMetadata("tenant_id", id);
  api.accessToken.setCustomClaim("https://api.myapplicationdomain.com/tenant", appMetadata);
};