Actions

Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. Actions are used to customize and extend Auth0's capabilities with custom logic.

The processes that can be extended in this way are called Flows. Each Flow is made up of one or more Triggers and represents the logical pipeline through which information moves during a single point in the Auth0 journey. Multiple Actions can be added to a Trigger, with each Action executing in the order in which it was placed. Some Triggers are executed synchronously, blocking the flow in which they are involved, and some are executed asynchronously, as indicated in the table below.

Actions is a cornerstone to our overall extensibility product at Auth0. With Actions, you can add essential custom logic to your login and identity flows specific to your needs. Actions also allows you to connect external integrations that enhance your overall extensibility experience. For example, you can add an Actions to your login flow to verify credentials such as a License or Passport using a Marketplace Partner who specializes in identity proofing.

What an Action can do is determined by where it is executed within the Auth0 runtime.

Flow	Runs	Trigger(s)	Example Uses
Login	As a user logs in.	post-login Executed after a user logs in and after any Rules that exist. Also executed when Refresh tokens are issued.	Modify Access and ID tokens Call APIs to enrich user profiles or send notifications Create authorization rules and make access decisions based on custom logic Conditionally enable MFA Redirect users to an external site
Machine to Machine	When an Access Token is issued via the Client Credentials Flow.	credentials-exchange Executed after a user logs in and after the Client Credentials Hook.	Prevent tokens from being issued Add custom claims to the Access Token Modify Access Token scopes
Pre User Registration	Before a user is added to a Database or Passwordless Connection.	pre-user-registration Executed before a user is added to a Database or Passwordless Connection, after the Pre User Registration Hook	Prevent creation of a user in Auth0 Add custom app_metadata or user_metadata to a newly created user
Post User Registration	After a user is added to a Database or Passwordless Connection.	post-user-registration Executes after a user is added to a Database or Passwordless Connection and after the Post User Registration Hook. It executes asynchronously and its outcome does not affect the transaction.	Send a new user notification Create a record in a CRM system
Post Change Password	After a password is changed for a Database Connection user.	post-change-password Executes after a password is changed for a Database Connection user and after the Post Change Password Hook. It executes asynchronously and its outcome does not affect the transaction.	Send an email to a user to notify them that their password has been changed Call an API to revoke a user’s sessions in other systems after their password has been change
Send Phone Message	To send a Phone or SMS message as part of a Custom MFA Provider.	send-phone-message Executes when using a Custom MFA Provider in place of a Send Phone Message Hook.	Use a custom provider for sending MFA Phone or SMS messages

When editing an Action within the Auth0 Dashboard, you will have access to rich type information and inline documentation about what is possible within each trigger, which makes it easy to discover what capabilities each Trigger supports.
An Action can be edited and tested without affecting the version that is currently serving production traffic.
If an issue is found within an Action, it can be rolled back to a previous version.

Nearly all public NPM packages are available to be used within Actions.

When Actions are executed, Auth0 will capture key metrics about them and link them to Auth0 Logs.

Every Actions Trigger supports multiple independent Actions.

Write your first Action!
See the current limitations of Actions.

Docs

Actions

Actions

What can you do with Actions?

Key benefits of Actions

Improved developer experience

Access to NPM packages

Observability

Multiple Actions on every Trigger

Ready to get started?

Was this article helpful?