Custom Database Connections
Use a custom database connection when you want to provide Auth0 with access to your own independent (legacy) identity data store primarily for authenticaton (filling the role of an identity provider) and for migrating user data to Auth0's data store.
Auth0 Extensibility allows you to add custom logic to build out last mile solutions for Identity and Access Management (IdAM). Auth0 extensibility comes in several forms: Rules, Hooks, and scripts for both custom database connections and custom database migration. Each is implemented using Node.js running on the Auth0 platform in an Auth0 tenant.
Auth0 extensibility executes at different points in the IdAM pipeline:
- Rules run when artifacts for user authenticity are generated (i.e., an ID Token in OpenID Connect (OIDC)), an Access Token in OAuth 2.0, or an assertion in Security Assertion Markup Language (SAML).
- Hooks provide additional extensibility for when there is an exchange of non-user related artifacts, and for when user identities are created. See pre-user registration and post-user registration Hooks for details.
- Custom database action scripts can be used to integrate with an existing user identity store, or can be used where automatic user migration from an legacy identity store is required.
Whatever the use case, Auth0 extensibility allows you to tailor IdAM operations to your exact requirements. However, if not used in the right way, this can open up the potential for improper or unintended use which can lead to problematic situations down the line. In an attempt to address matters ahead of time, Auth0 provides best practice guidance to both designers and implementers, and we recommend reading it in its entirety at least once, even if you've already started your journey with Auth0.
Only Enterprise subscription plans include the ability to use a custom database for authentication requests. For more info, see Auth0 pricing plans.