Delegated Administration: Write Hook

The Write Hook, which runs anytime you create or update a user, allows you to do things like:

Changing the user's password
Changing the user's email address
Updating the user's profile

You can also use the Write Hook to automatically set default values for newly-created users. For example, you might want to automatically assign a user to the same group, department, or vendor as the ones to which you've been assigned.

Auth0 only supports user creation with Database Connections.

ctx: Context object.
- request.originalUser: Current user's values where the payload is the new set of fields. Only available when the method is update.
- payload: Payload object
  - memberships: Array of memberships that were selected in the UI when creating the user.
  - email: Email address of the user.
  - password: Password of the user.
  - connection: Name of the database connection.
  - app_metadata: Data that's included if a Custom Field being modified is saved in app_metadata.
  - user_metadata: Data that's included if a Custom Field being modified is saved in user_metadata.
- userFields: User fields array (if specified in the settings query)
- method: Either create or update depending on whether this is being called as a result of a create or an update call.
callback(error, user): Callback to which you can return an error and the user object that should be sent to the Management API.

Kelly manages the Finance department. When she creates users, these users should be assigned as members of the Finance department.

function(ctx, callback) {
  var newProfile = {
    email: ctx.payload.email,
    password: ctx.payload.password,
    connection: ctx.payload.connection,
    user_metadata: ctx.payload.user_metadata,
    app_metadata: {
      department: ctx.payload.memberships && ctx.payload.memberships[0],
      ...ctx.payload.app_metadata
    }
  };

  if (!ctx.payload.memberships || ctx.payload.memberships.length === 0) {
    return callback(new Error('The user must be created within a department.'));
  }

  // Get the department from the current user's metadata.
  var currentDepartment = ctx.request.user.app_metadata && ctx.request.user.app_metadata.department;
  if (!currentDepartment || !currentDepartment.length) {
    return callback(new Error('The current user is not part of any department.'));
  }

  // If you're not in the IT department, you can only create users within your own department.
  // IT can create users in all departments.
  if (currentDepartment !== 'IT' && ctx.payload.memberships[0] !== currentDepartment) {
    return callback(new Error('You can only create users within your own department.'));
  }

  if (ctx.method === 'update') {
    // If updating, only set the fields we need to send
    Object.keys(newProfile).forEach(function(key) {
      if (newProfile[key] === ctx.request.originalUser[key]) delete newProfile[key];
    });
  }

  // This is the payload that will be sent to API v2. You have full control over how the user is created in API v2.
  return callback(null, newProfile);
}

Was this helpful?/

Docs

Delegated Administration: Write Hook

Delegated Administration: Write Hook

Hook contract

Sample use

Keep reading

Was this article helpful?