Docs

Role-Based Access Control

HooksBeta

Hooks are Webtasks associated with specific extensibility points of the Auth0 platform, which allow you to customize the behavior of Auth0 with custom code using Node.js. When using Database Connections, Auth0 invokes the Hooks at runtime to execute custom logic.

When using Database Connections, Hooks allow you to customize the behavior of Auth0 using Node.js code that executes against extensibility points (which are comparable to webhooks that come with a server). Hooks allow you modularity when configuring your Auth0 implementation, and extend the functionality of base Auth0 features.

For scripts that call Auth0 APIs, you should always handle rate limiting by checking the X-RateLimit-Remaining header and acting appropriately when the number returned nears 0. You should also add logic to handle cases in which you exceed the provided rate limits and receive the HTTP Status Code 429 (Too Many Requests); in this case, if a re-try is needed, it is best to allow for a back-off to avoid going into an infinite re-try loop. For more information about rate limits, see Rate Limit Policy For Auth0 APIs.

Benefits of RBAC

Extensibility points

Hooks allow you to customize the behavior of Auth0 with Node.js code, but they are executed only against selected extensibility points, which are the serverless option analogous to the webhooks that come with a server. The following is a list of currently available extensibility points:

  • Credentials Exchange: change the rolescopes and add custom claims to the tokens issued by the Auth0 API's POST /oauth/token endpoint
  • Pre-User Registration: prevent user registration and add custom metadata to a newly-created user
  • Post-User Registration: implement custom actions that execute asynchronously from the Auth0 authentication process after a new user registers and is added to the database

RBAC Model

Network firewall

If you are behind a firewall, this feature may require whitelisting of the appropriate Auth0 IP addresses to work properly.

Roles

Manage Hooks

Manage Hooks using the Dashboard. With the Dashboard, you can create or delete a Hook, edit an existing Hook, and enable or disable an existing Hook using the Dashboard.