
Introducing Auth0 Hooks


Customize the free Auth0 platform with Node.js using Auth0 Hooks, a new extensibility mechanism powered by Webtasks.


Auth0 Hooks are a new extensibility mechanism in Auth0 that allows you to customize the behavior of our platform using Node.js.

Developers Love Code and Extensibility

Customization flexibility has always been an integral part of the Auth0 platform. Until now, you could use Auth0 Rules to execute arbitrary Node.js code during an authorization transaction. Today, we are introducing Auth0 Hooks, a new and improved mechanism to extend the Auth0 platform using code.

Better Developer Experience

While Auth0 Hooks are building on the same underlying Webtask technology we have developed to run Auth0 Rules, several aspects of the developer experience are improved:

  • Using the management dashboard you can create, move in and out of production, and edit hooks for selected extensibility points in the Auth0 platform.

  • You edit hooks in the Webtask Editor, which offers a much richer feature set compared to the experience you are used to with Auth0 Rules.
  • Syntax completion allows you to write the code faster without referring to documentation.
  • Integrated secret management improves the security of your code by providing a mechanism to securely store secrets while making them conveniently available in code.
  • An integrated runner allows you to test your code without leaving the Webtask Editor.
  • Real-time logs simplify debugging by streaming the output generated by your code.
  • GitHub integration allows you to synchronize your hook with code stored in a GitHub repository. Updating your hook is as simple as pushing to GitHub.
  • Using the Auth0 CLI you can scaffold, create, activate, and deactivate hooks from the command line.

What Can You Do Today

The initial release of Auth0 Hooks supports customizing the behavior of Auth0 at three new extensibility points:

  • Client Credentials Exchange allows you to change the scopes and add custom claims to issued access tokens.
  • Pre User Registration allows you to intercept the creation of a new database user to enforce a custom password policy, or employ application-specific logic to prevent the signup.
  • Post User Registration allows you to perform any actions as a result of the successful creation of a new database user, e.g. send a message to Slack, or create a record in your CRM system.
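
As an added illustration of the Client Credentials Exchange point above (not code from the original article or from Auth0), this hook narrows the requested scopes to a per-client allowlist and adds one namespaced custom claim. The function signature, the `client.name` and `client.metadata` fields, the client names, scopes, and claim URL are assumptions made for the example.

```javascript
// Added example, not Auth0's code. Assumed hook contract: the platform calls the
// exported function as (client, scope, audience, context, cb), where `scope` is
// an array of requested scope strings and cb(error, accessToken) ends the hook.

// Constructed allowlist: the scopes each machine-to-machine client may hold.
const ALLOWED_SCOPES = new Map([
  ['billing-worker', ['read:invoices', 'write:invoices']],
  ['report-cron', ['read:invoices']],
]);

// Namespaced claim name so it cannot collide with registered JWT claims.
const TIER_CLAIM = 'https://example.com/client_tier';

function clientCredentialsHook(client, scope, audience, context, cb) {
  const allowed = ALLOWED_SCOPES.get(client && client.name);
  if (!allowed) {
    // Fail closed: a client missing from the allowlist gets no token.
    return cb(new Error('client is not allowed to use this grant'));
  }

  const requested = Array.isArray(scope) ? scope : [];
  const granted = requested.filter((s) => allowed.includes(s));
  const dropped = requested.filter((s) => !allowed.includes(s));
  if (dropped.length > 0) {
    // Shows up in the hook's real-time logs; scope names only, no secrets.
    console.log(`scopes removed for ${client.name}: ${dropped.join(' ')}`);
  }

  const accessToken = { scope: granted };
  const tier = client.metadata && client.metadata.tier;
  accessToken[TIER_CLAIM] = tier === 'internal' ? 'internal' : 'standard';
  return cb(null, accessToken);
}

// Synchronous wrapper for local testing of the callback-style hook.
function runHook(client, scope) {
  let result;
  clientCredentialsHook(client, scope, 'https://api.example.com', {}, (error, token) => {
    result = { error, token };
  });
  return result;
}

if (typeof module !== 'undefined') {
  module.exports = clientCredentialsHook;
}
```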

This is just the beginning. We are going to be adding many more extensibility points in the Auth0 platform using the Auth0 Hooks mechanism in the future.

Auth0 Hooks vs. Auth0 Rules

Introduction of Auth0 Hooks does not affect any existing Auth0 Rules. Your rules continue to work unchanged.

Auth0 Hooks provide a foundation for a new extensibility mechanism in Auth0. All future extensibility points in the platform will build on top of Auth0 Hooks. We are also planning to add support in Auth0 Hooks for the same things you use Auth0 Rules for today.

Differences With Auth0 Rules

If you have been using Auth0 Rules before, these are some of the key differences in the development experience when moving on to Auth0 Hooks:

  • In Auth0 Rules, you are editing code on the Auth0 management dashboard. When using Auth0 Hooks, you edit code in the Webtask Editor.
  • When using Auth0 Rules, you are specifying rule configuration common to all rules on the Auth0 management dashboard. Auth0 Hooks allow you to specify secret configuration directly in the Webtask Editor, and separately for each hook.
  • When developing Auth0 Rules, you can dry run a rule from within the Auth0 management dashboard. Auth0 Hooks can be tested from within the Webtask Editor using the integrated runner and access to real-time logs.
  • There is no command line tool to manipulate Auth0 Rules. Auth0 Hooks come with the Auth0 CLI tool, and can also be manipulated using the lower level Webtask CLI tool.
  • Auth0 management HTTP APIs offer a way to manipulate Auth0 Rules using any HTTP client. Auth0 Hooks are managed using Webtask management APIs.

Learn More

Check out the Auth0 Hooks documentation or head over directly to the Auth0 Hooks management dashboard to create your first hook.


Published at DZone with permission of Tomasz Janczuk, DZone MVB. See the original article here.
