Hooks are secure, self-contained functions running on Auth0's serverless environment and associated with specific extensibility points of the Auth0 platform; they allow you to customize the behavior of Auth0 with custom code using Node.js. When using Database Connections or Passwordless Connections, Auth0 invokes the Hooks at runtime to execute custom logic.

When using either of the two supported connection types (Database Connections and Passwordless Connections), Hooks allow you to customize the behavior of Auth0 using Node.js code that executes against extensibility points (which are comparable to webhooks that come with a server). Hooks allow you modularity when configuring your Auth0 implementation and extend the functionality of base Auth0 features.

For scripts that call Auth0 APIs, you should always handle rate limiting by checking the X-RateLimit-Remaining header and acting appropriately when the number returned nears 0. You should also add logic to handle cases in which you exceed the provided rate limits and receive the HTTP Status Code 429 (Too Many Requests); in this case, if a re-try is needed, it is best to allow for a back-off to avoid going into an infinite re-try loop. For more information about rate limits, see Rate Limit Policy For Auth0 APIs.

Extensibility points

Hooks allow you to customize the behavior of Auth0 with Node.js code, but they are executed only against selected extensibility points, which are the serverless option analogous to the webhooks that come with a server. The following is a list of currently available extensibility points:

  • Credentials Exchange: change the scopes and add custom claims to the tokens issued by the Auth0 API's POST /oauth/token endpoint
  • Pre-User Registration: prevent user registration and add custom metadata to a newly-created user
  • Post-User Registration: implement custom actions that execute asynchronously from the Auth0 authentication process after a new user registers and is added to the database
  • Post Change Password: Implement custom actions to be executed after a successful user password change.

Network firewall

If you are behind a firewall, this feature may require whitelisting of the appropriate Auth0 IP addresses to work properly.

Manage Hooks

Manage Hooks using the Dashboard. With the Dashboard, you can create or delete a Hook, edit an existing Hook, and enable or disable an existing Hook using the Dashboard.