Best Practices: Rules
Make sure your rule code handles errors after any call that may fail (an API request, a database lookup, JSON parsing). Also, ensure every code path ends with a return statement that invokes the callback, and that no path invokes it more than once: a path that never calls back leaves the login waiting until the rule times out, and a path that calls back twice reports an error.
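The pattern described above, as an added example that is not Auth0's own code: a rule-shaped function (user, context, callback) that makes a call which may fail, handles the failure, and invokes the callback exactly once on every path. The risk lookup, the claim name, and the simulateFailure flag are stand-ins constructed for this example so it runs offline; UnauthorizedError is provided by the Auth0 rules runtime and is replaced by Error when the example runs stand-alone.

```javascript
// Stand-in for an external call such as an HTTP request to a risk service.
// Constructed for this example: rejects on demand, otherwise scores by domain.
function lookupRiskScore(email, shouldFail) {
  return new Promise((resolve, reject) => {
    if (shouldFail) {
      return reject(new Error('risk service unavailable'));
    }
    resolve(email.endsWith('@example.com') ? 10 : 90);
  });
}

// In Auth0 rules UnauthorizedError is a runtime global; fall back to Error
// so the example runs outside Auth0.
const DenyError = typeof UnauthorizedError === 'function' ? UnauthorizedError : Error;

async function riskRule(user, context, callback) {
  // Path 1: nothing to evaluate. Return so no later path also calls back.
  if (!user.email) {
    return callback(null, user, context);
  }

  // Keep only the fallible call inside try/catch. If callback itself sat
  // inside the try block, an exception thrown by it would reach the catch
  // and invoke callback a second time.
  let score;
  try {
    score = await lookupRiskScore(user.email, context.simulateFailure === true);
  } catch (err) {
    // Path 2: the call failed. Report it instead of leaving the login hanging.
    return callback(err);
  }

  if (score > 50) {
    // Path 3: deny the login.
    return callback(new DenyError('login denied: risk score too high'));
  }

  // Path 4: success. Attach the score as a namespaced custom claim (hypothetical name).
  context.idToken = context.idToken || {};
  context.idToken['https://example.com/claims/risk_score'] = score;
  return callback(null, user, context);
}

// Harness: run a rule and record how the callback was used, so a test can
// assert "called exactly once". It resolves shortly after the first call so
// a second (buggy) call would still be counted.
function runRule(rule, user, context) {
  return new Promise((resolve) => {
    const result = { calls: 0, error: null, context: null };
    rule(user, context, (err, u, c) => {
      result.calls += 1;
      result.error = err || null;
      result.context = c || null;
      setTimeout(() => resolve(result), 20);
    });
  });
}
```

The harness is the check worth keeping around: running every branch of a rule through it before deploying catches both the hanging path (calls stays 0) and the double-callback path (calls becomes 2).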
Review rule order
Rules execute in the order shown on the Auth0 Dashboard. If a rule depends on the output of another rule (for example, a claim or metadata value the other rule writes), move the dependent rule lower in the rules list so it runs after the rule it depends on.
To improve performance, write rules that exit as soon as possible.
For example, if a rule has three checks that decide whether it should run, put the check that eliminates the most logins first, the check that eliminates the second-highest number of logins next, and so on. Most executions then return after the first, cheapest check.
Reduce API requests
Try not to make many API calls in rules. Each call adds latency to the login response, and a slow call can push the rule past its execution timeout and fail the login.
Avoid calling the Management API if possible, especially in high-volume environments, where its rate limits become a concern.
Rules have a global variable (global) you can use to cache information between executions. Use it only for data that is not user-specific, for example an access token for your own API, so that the cached result can safely be shared across users. Caching user-specific data there would expose one user's data to the next login that runs in the same container.
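An added example of the caching pattern above, not code from Auth0's documentation: a helper that keeps a client-credentials token for your own API in the global object and reuses it across rule executions until shortly before it expires. The global object, the token fetcher, and the clock are passed in as parameters so the example runs offline; in a real rule you would pass the runtime's global and Date.now(), and the fetcher would be an HTTP request to your token endpoint using a secret from the rule's configuration object. The cache key name and the 60 second margin are assumptions.

```javascript
// Return a usable API token, fetching a new one only when the cached one is
// missing or within 60 s of expiry. Nothing cached here is user-specific.
function getCachedApiToken(globalObj, fetchToken, now) {
  const cached = globalObj.apiTokenCache; // hypothetical cache key
  if (cached && cached.expiresAt - now > 60 * 1000) {
    return Promise.resolve(cached.token);
  }
  // Cache miss (first run, container recycled, or near expiry): fetch and store.
  return fetchToken().then((res) => {
    globalObj.apiTokenCache = {
      token: res.access_token,
      expiresAt: now + res.expires_in * 1000,
    };
    return res.access_token;
  });
}

// Constructed stand-in for a token endpoint that counts how often it is hit.
function makeFakeTokenEndpoint() {
  let calls = 0;
  return {
    calls: () => calls,
    fetch: () => {
      calls += 1;
      return Promise.resolve({ access_token: 'tok-' + calls, expires_in: 3600 });
    },
  };
}

// Simulate several logins sharing one container and report how many token
// requests they caused. Returns { tokens: [...], fetches: n }.
function simulateLogins(loginTimes) {
  const globalObj = {};            // stands in for Auth0's `global`
  const endpoint = makeFakeTokenEndpoint();
  const tokens = [];
  return loginTimes
    .reduce(
      (chain, t) => chain.then(() => getCachedApiToken(globalObj, endpoint.fetch, t)).then((tok) => tokens.push(tok)),
      Promise.resolve()
    )
    .then(() => ({ tokens, fetches: endpoint.calls() }));
}
```

Always handle the miss path: the global object lives only as long as the container does and can disappear between executions, so the cache is an optimisation, never a guarantee.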
Limited read or update user scopes
If you use the Management API in rules for the limited scope of reading or updating the current user, use the auth0.accessToken variable instead. This token will suffice if you only need the
Rules for specific applications
To run a rule for only specific applications, check for a client metadata field instead of comparing the client ID against a list.
This can improve performance, because the rule exits immediately for every client that lacks the metadata field rather than walking a list of Client IDs. It also makes adding new clients easier (tag the application, with no rule change) and keeps hard-coded identifiers out of the rule code.
You can set client metadata for your application on the dashboard by going to Application Settings -> Advanced Settings -> Application Metadata. To access client metadata in rules, use the context object: the fields are available as context.clientMetadata, with values delivered as strings.
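An added example, not from Auth0's documentation, that combines the client metadata check above with the early-exit ordering recommended earlier on this page: the rule runs only for applications tagged in Application Metadata, and its checks are ordered so the most selective one comes first. The metadata key require_verified_email and the deny message are hypothetical; the comparison with the string 'true' reflects that metadata values arrive as strings. UnauthorizedError is a runtime global in Auth0 rules and is replaced by Error when the example runs stand-alone.

```javascript
// In Auth0 rules UnauthorizedError is a runtime global; fall back to Error
// so the example runs outside Auth0.
const DenyError = typeof UnauthorizedError === 'function' ? UnauthorizedError : Error;

function verifiedEmailRule(user, context, callback) {
  // Guard: clientMetadata may be absent, so never dereference it blindly.
  const meta = context.clientMetadata || {};

  // Check 1 (eliminates most logins): only applications tagged in the
  // Dashboard under Application Metadata opt in. Every other client exits
  // here, and adding a new client needs no change to this code.
  if (meta.require_verified_email !== 'true') {
    return callback(null, user, context);
  }

  // Check 2 (eliminates most remaining logins): most users are verified.
  if (user.email_verified === true) {
    return callback(null, user, context);
  }

  // Only an opted-in application with an unverified user reaches the deny.
  return callback(new DenyError('Please verify your email before logging in.'));
}

// Helper so a rule's outcome can be inspected synchronously in a test:
// returns { allowed: boolean, message: string|null }.
function evaluate(user, context) {
  let outcome = null;
  verifiedEmailRule(user, context, (err) => {
    outcome = { allowed: !err, message: err ? err.message : null };
  });
  return outcome;
}
```

The ordering matters for cost as well as clarity: with the metadata check first, a login to an untagged application does no work beyond one property comparison, and a later check that needed an API call would only ever run for the tagged applications.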