Hooks, Webtasks, and Extensibility PointsBeta

Hooks allow you to extend the Auth0 platform with custom code.

When using Database Connections, Hooks allow you to customize the behavior of Auth0 using Node.js code that executes against extensibility points (which are comparable to webhooks that come with a server). Hooks allow you modularity when configuring your Auth0 implementation, and extend the functionality of base Auth0 features.

For scripts that call Auth0 APIs, you should always handle rate limiting by checking the X-RateLimit-Remaining header and acting appropriately when the number returned nears 0. You should also add logic to handle cases in which you exceed the provided rate limits and receive the HTTP Status Code 429 (Too Many Requests); in this case, if a re-try is needed, it is best to allow for a back-off to avoid going into an infinite re-try loop. For more information about rate limits, see Rate Limit Policy For Auth0 APIs.

Hooks

Hooks are Webtasks associated with specific extensibility points of the Auth0 platform. When using Database Connections, Auth0 invokes the Hooks at runtime to execute custom logic.

Manage Hooks using:

  • The Dashboard
  • The Command-Line Interface

Use the Dashboard

With the Dashboard, you can create or delete a Hook, edit an existing Hook, and enable or disable an existing Hook using the Dashboard.

Use the command-line interface

The command-line interface offers similar functionality to the dashboard in that you can create or delete a Hook, edit an existing Hook, and enable or disable an existing Hook.

The command-line interface also offers you the ability to get logs on your Hooks usage.

Extensibility points

Hooks allow you to customize the behavior of Auth0 with Node.js code, but they are executed only against selected extensibility points, which are the serverless option analogous to the webhooks that come with a server. The following is a list of currently available extensibility points:

  • Credentials Exchange: change the scopes and add custom claims to the tokens issued by the Auth0 API's POST /oauth/token endpoint
  • Pre-User Registration: prevent user registration and add custom metadata to a newly-created user
  • Post-User Registration: implement custom actions that execute asynchronously from the Auth0 authentication process after a new user registers and is added to the database

Network firewall

If you are behind a firewall, this feature may require whitelisting of the appropriate Auth0 IP addresses to work properly.

Use the Webtask Editor to edit Hooks

Edit Hooks directly using the Webtask Editor. Please see the Webtask documentation for detailed information.