JavaScript Rule-Based Authentication

Tracks Logins and Signups with Splunk HEC

What does it do?

This rule sends SignUp and Login events to Splunk's HTTP Event Collector, including some contextual information about the user: the application the user is signing in to, client IP address, username, etc.

We use a persistent property, SignedUp, to track whether this is the first login or a subsequent one. Events will show up on the Splunk console shortly after user access.


In order to use this rule, you need to enable HTTP Event Collector (HEC) on your Splunk instance and get an HEC token. You can learn more about how to do this here.

Below is a screenshot showing a SignUp event sent to Splunk Cloud.

How do I use it?

Just create a new rule in the Auth0 dashboard, and copy the following code, replacing the placeholders with the appropriate values.
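The logic described above, as an added example that is not Auth0's published rule code: it builds the HEC event, labels it SignUp or Login from a persistent flag, and sets the flag only after Splunk accepts the event. The endpoint URL, the token, the deps helper object, storing the flag as app_metadata.signedUp, and the sample values are assumptions made for this example.

```javascript
// Added example. URL and token are placeholders; `deps` is a hypothetical seam
// for the HTTP client and Auth0's management call so the logic runs offline.
const SPLUNK_HEC_URL = 'https://splunk.example.com:8088/services/collector/event';
const SPLUNK_HEC_TOKEN = 'REPLACE_WITH_HEC_TOKEN';

// Build the HEC envelope. app_metadata.signedUp (assumed location) is the
// persistent flag that separates the first login (SignUp) from later ones.
function buildHecEvent(user, context, nowMs) {
  const signedUp = Boolean(user.app_metadata && user.app_metadata.signedUp);
  return {
    time: Math.floor(nowMs / 1000), // HEC expects epoch seconds
    sourcetype: '_json',
    event: {
      message: signedUp ? 'Login' : 'SignUp',
      application: context.clientName,
      clientIP: context.request.ip,
      userName: user.name,
      userId: user.user_id
    }
  };
}

// Rule logic. In a real rule, deps.post would wrap an HTTP client and
// deps.saveAppMetadata would wrap auth0.users.updateAppMetadata.
function trackAuthEvent(user, context, callback, deps) {
  const payload = buildHecEvent(user, context, deps.now());
  const headers = { Authorization: 'Splunk ' + SPLUNK_HEC_TOKEN };
  deps.post(SPLUNK_HEC_URL, headers, payload, (err, status) => {
    // Design choice of this example: a logging outage does not block the
    // login, and the flag stays unset so the SignUp event is sent next time.
    if (err || status !== 200) return callback(null, user, context);
    if (payload.event.message === 'Login') return callback(null, user, context);
    user.app_metadata = Object.assign({}, user.app_metadata, { signedUp: true });
    deps.saveAppMetadata(user.user_id, user.app_metadata)
      .then(() => callback(null, user, context))
      .catch((e) => callback(e));
  });
}

// Constructed sample input (not real data).
const sampleUser = { user_id: 'auth0|example123', name: 'alice@example.com' };
const sampleContext = { clientName: 'Example App', request: { ip: '203.0.113.10' } };
```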

What is Rule-Based Authentication?

A rule is arbitrary JavaScript code that can be used to extend Auth0's default behavior when authenticating a user. Enabled rules will be executed in the order shown below for all users and applications as the final step of the authentication process.

Rules can be used to enrich and transform the user profile, deny access to specific users under certain conditions, retrieve information from external services and much more. For more information about rules, please check the documentation.