Custom Database Connection and Action Script Best Practices
Availability varies by Auth0 plan and login method
Extensibility provides the ability to add custom login in Auth0 as a mechanism for building out last-mile solutions for Identity and Access Management (IdAM). Auth0 extensibility comes in several forms:
Actions: Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points within the Auth0 platform. Use actions to customize and extend Auth0's capabilities with custom login.
Rules: Run when artifacts for user authenticity are generated. For example:
ID Token in OpenID Connect (OIDC)
Access Token in OAuth 2.0
An assertion in SAML
Hooks: Provide additional extensibility when there is an exchange of non-user-related artifacts and when user identities are created such as pre-user registration and post-user registration.
Scripts for both custom database connections and migrations: Used to integrate with an existing user identity store or where automatic user migration from an independent or legacy identity store are required. For more more configuration information, review Create Custom Database Connections.
Each extensibility type uses Node.js running on the Auth0 platform in an Auth0 tenant.
Whatever the use case, Auth0 extensibility provides comprehensive and sophisticated capability to tailor IdAM operations to your exact requirements. However, if not utilized in the right way, this can open up the potential for improper or unintended use which can lead to problematic situations down the line. In an attempt to address matters ahead of time, this document provides best practice guidance to both designers and implementers, and we recommend reading it in its entirety at least once, even if you've already started your journey with Auth0.