Introduction to Auth0 Actions

What are Auth0 Actions?

Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. In short, an Action is a programmatic way to add custom business logic into your login flow. With Actions, you can add a customized mandatory logic to your login and identity flows that satiate your needs. The service also allows you to connect external integrations that complement the overall extensibility experience.

Why Auth0 Actions?

  • Observability: When Actions are executed, Auth0 will capture key metrics about them and link them to Auth0 Logs.
  • Extensibility: Auth0 Actions is built to give developers more tooling and a better experience in their login workflows.
  • Multiple actions on every trigger: Every Action trigger supports multiple independent Actions.
  • Version Control: You have the ability to store a history of individual Action changes and the power to revert back to previous versions as needed.
  • Access to NPM Packages: Nearly all public NPM packages are available to be used within Actions.
  • Pre-Production Testing: Your personal Actions can be drafted, reviewed, and tested before deploying into production.
  • Improved Developer Experience: The flow editor lets you visually build custom workflows with drag and drop Action blocks for complete control.

Implementation

We will be creating an Auth0 Action similar to the flow we saw at the beginning of this article using React. We’ll basically be creating an Action to make Multi-Factor Authentication (MFA) mandatory. You’ll need the following:

  1. Any Code Editor of your choice. I’d recommend Visual Studio Code.

Getting Started with Auth0

  1. Assuming that you already have an Auth0 Account, scroll down to find the option that says “Create Application”.
  • Allowed Logout URLs
  • Allowed Web Origins

Setting Up Users and Roles

  1. Click on the User Management Tab in the sidebar. Click on the Users tab followed by the Create User Option. We’ll create 2 Users for our Action.

Setting Up the React App

  1. Unzip the file we downloaded a while back and open the folder in a code editor of your choice. In src/auth_config.json add the details of your application from the Auth0 Dashboard, specifically the domain and Client ID.
  2. To run the code, we first need to install the dependencies. Execute npm installfor the same. Execute the following to run the application in development mode npm run dev. You’ll see a Single Page Application like the one below built using React.

Setting Up Actions

Setting up Actions is easy.

if (event.authorization != undefined && event.authorization.roles.includes("Admin")) {
api.multifactor.enable("any");
};

Running the Application

No spoilers here. Just hit npm startand you’re all set. When you try to login into the Application with the Admin account, you’ll be asked to complete the MFA flow we created.

Ending Notes

In a few steps, this is how we can effectively boost the security of our Application using Auth0 Actions. If you are interested in knowing more about the different sorts of triggers, head over to this link. You can also find the official documentation right here.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aaishika S Bhattacharya

Aaishika S Bhattacharya

Jr. Developer Advocate @ DigitalOcean | GitHub Campus Expert & Stream Team | GDSC ‘22 & Hack Club Lead | Alexa Student Influencer | Ex- MLH Coach