Custom Database Connection and Action Script Best Practices
Availability varies by Auth0 plan and login method
Both your specific login implementation and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read Pricing.
Extensibility allows admins to add custom login in Auth0 as a mechanism for building out last-mile solutions for Identity and Access Management (IdAM). Each extensibility type uses Node.js and runs on the Auth0 platform in an Auth0 tenant.
Auth0 Extensibility comes in several forms:
Actions: Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points within the Auth0 platform. Use actions to customize and extend Auth0's capabilities with custom login.
Rules: Run when artifacts for user authenticity are generated. For example:
ID Token in OpenID Connect (OIDC)
Access Token in OAuth 2.0
An assertion in SAML
Hooks: Provide additional extensibility when there is an exchange of non-user-related artifacts and when user identities are created such as pre-user registration and post-user registration.
Below are some best practices for using Auth0 Extensibility products:
Scripts for both custom database connections and migrations are used to integrate with an existing user identity store or where automatic user migration from an independent or legacy identity store are required. For more more configuration information, review Create Custom Database Connections.
To avoid user duplications, set a consistent
user_id
on each returned user profile. Additionally, ensure that you don't return the same email address for two different users in theget_user
orlogin
script and make sure both scripts return the same user.To support backwards compatibility,
app_metadata
is calledmetadata
in custom DB scripts. Since data transfer can be interrupted, use an Action to fetch the metadata that should be inapp_metadata
oruser_metadata
if it's missing.Ensure you restrict access to the audience with an Action.
Auth0 Extensibility is a comprehensive and sophisticated capability to tailor IdAM operations, but can also expose your database to improper or unintended use. The documents in this section highlight best practices to both designers and implementers; we recommend reading them in their entirety at least once, even if you've already started your journey with Auth0.