Login Script Templates
The Login script implements the function executed each time a user is required to authenticate. We recommend naming this function
login function is typically used during the Universal Login workflow, but is also applicable in other authentication flow scenarios (such as Resource Owner Password Grant). The script is required for both legacy authentication and for automatic migration.
login function should be defined as follows:
||The identification credential for the user typically either the email address for the user or the name associated with the user. With default out-of-box Universal Login, support for the use of
||Passed to the
||Executed with up to two parameters. The first parameter is an indication of status: a
When indicating an error condition we recommend using the
Error object to provide Auth0 with a clear indication of the error condition. For example,
callback(new Error(“an error message”)).
`bcrypt` hash encryption
The password credential for the user is passed to the login script in plain text so care must be taken regarding its use. You should refrain from logging, storing, or transporting the
password credential anywhere in its vanilla form. Instead, use something similar to the following example, which uses the
bcrypt algorithm to perform cryptographic hash encryption:
profile parameter example
The second parameter provided to the
callback function should be the profile for the user. This should be supplied as a JSON object in normalized user profile form.
Additionally, you can also provide metadata for a user as part of the user profile returned. The following is an example of the profile object that can be returned for a user.
||If a custom database connection type has Requires Username as an enabled setting then the profile returned for the user must include a
While a user does not need to use an email address to login, it’s recommended best practice that they have an email address defined against their user profile. This ensures that Auth0 out-of-box functionality works as designed.
For a legacy authentication scenario, you can also enable the
Sync user profile at each login option in the settings for a custom database connection. This allows attribute updatess in the Auth0 user profile each time a login for the user occurs for attributes that would otherwise not be available for update via the Auth0 Management API. For legacy authentication scenarios there are a number of root profile attributes which cannot be updated directly via the Management API.
Language-specific script examples
Auth0 provides sample scripts for use with the following languages/technologies: