Rules Best Practices
Rules can be used in a variety of situations as part of the authentication pipeline where protocol-specific artifacts are generated:
an ID Token in OpenID Connect (OIDC)
an Access Token in OAuth 2.0
an assertion in SAML
A new pipeline in which rules execute is created for each authentication request.
Auth0 provides a number of pre-existing rules and rule templates to help you achieve your goals. You may also want to build your own rules to support your specific functionality requirements. You can modify a pre-existing rule template or start from scratch using one of our samples. Either way, there are a number of best practices that you’ll want to adopt to ensure that you achieve the best possible outcome.
The image below shows the Auth0 Dashboard with a number of enabled and disabled rules for a specific Auth0 Tenant. Enabled rules (those with the green toggle) are active and will execute as part of a pipeline. Disabled rules (those with the greyed-out toggle) will not.
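The per-request pipeline and the enabled/disabled distinction described above can be modelled in a few lines. This is an added example, not Auth0's own code: `runPipeline`, the two rules, the `https://example.com/` namespace and the sample users are hypothetical, and only the `function (user, context, callback)` rule shape follows Auth0 Rules.

```javascript
// Simplified model of a rules pipeline (illustration only, not Auth0's code).
// Rules use the function (user, context, callback) shape of Auth0 Rules.

// Hypothetical rule: copy a tenant name into both tokens as a namespaced claim.
function addTenantClaim(user, context, callback) {
  const ns = 'https://example.com/'; // constructed namespace
  context.idToken[ns + 'tenant'] = user.app_metadata.tenant;
  context.accessToken[ns + 'tenant'] = user.app_metadata.tenant;
  callback(null, user, context);
}

// Hypothetical rule that is left disabled, so it must never touch the tokens.
function addDebugClaim(user, context, callback) {
  context.idToken['https://example.com/debug'] = true;
  callback(null, user, context);
}

const rules = [
  { name: 'add-tenant-claim', enabled: true, fn: addTenantClaim },
  { name: 'add-debug-claim', enabled: false, fn: addDebugClaim },
];

// Runs the enabled rules in order for ONE authentication request.
// Assumes each rule invokes its callback synchronously, as the samples above do.
function runPipeline(ruleList, user, request) {
  // Fresh context per request: a new pipeline is created every time.
  const context = { protocol: request.protocol, idToken: {}, accessToken: {} };
  const enabled = ruleList.filter((r) => r.enabled);
  const executed = [];
  let outcome = null;
  const step = (i, u, ctx) => {
    if (i === enabled.length) {
      outcome = { user: u, context: ctx, executed };
      return;
    }
    executed.push(enabled[i].name);
    enabled[i].fn(u, ctx, (err, nextUser, nextCtx) => {
      // Modelling assumption: an error ends the pipeline and no tokens are returned.
      if (err) { outcome = { error: err, executed }; return; }
      step(i + 1, nextUser, nextCtx);
    });
  };
  step(0, user, context);
  return outcome;
}

// Constructed sample requests from two different users.
const first = runPipeline(rules, { app_metadata: { tenant: 'acme' } }, { protocol: 'oidc-basic-profile' });
const second = runPipeline(rules, { app_metadata: { tenant: 'globex' } }, { protocol: 'oidc-basic-profile' });
console.log(first.executed, first.context.idToken, second.context.idToken);
```

Reviewing which rules are enabled matters because every enabled rule can modify the tokens issued for every login.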