Features and breaking changes released in Actions are listed below.


Login Flow

New features and breaking changes were released to triggers in the Login Flow. To learn about these changes, read Login Flow: Releases.

v2 (GA)

Query and body parameters

Direct access to the query and body parameters is available using the event.request.query and event.request.body objects. These are exposed regardless of whether the authorization was initiated via a GET or POST request. Many protocol-specific query or body parameters sent as part of an authorization request are now also available as first-class values on the event.transaction object. We recommend that you use event.transaction rather than event.request.query and event.request.body unless your use case is not supported. A complete mapping of these changes is below:

Pre-GA Property GA Property event.request.ip event.request.hostname event.request.geoip event.request.language event.request.method event.request.user_agent event.request.body event.request.query event.resource_server.identifier event.transaction.requested_scopes event.transaction.acr_values event.transaction.ui_locales
event.protocol event.transaction.protocol
context.secrets event.secrets

User Profile properties

In general, the event.user object has had its properties changed from camel case to snake case in order to match the Auth0 User Profile structure. For example, event.user.appMetadata has been changed to event.user.app_metadata.

Performing side effects

In the pre-GA version of the post-login trigger, side effects were performed by returning an object from an Action. In Actions GA, an api object is provided to encapsulate these changes and provide better in-editor type hints and inline documentation.

To learn more about these changes and see code examples, read Login Flow: Releases.

Manipulating scopes

Although we experimented with providing direct manipulation of ID and Access Token scopes during the Actions Beta, we do not support this functionality in Actions GA.