Is there a way to inject code from environment variables, like from keywords mappings?
Inject into where? What are keyword mappings or what’s the context?
Thanks for the replay, ok so I want to know if there is any way to inject code like a chat script into password_reset html page, and if there is a way to set that via an environment variables.
You can customize the password reset page, including adding JS snippets, such as a chat script. Note that this is all frontend code, shouldn’t put any sensitive information in there, such as API secrets.
Regarding the environment variable: how would you need to pass that into it? Is it based on the current user accessing the page, based on the client application, or just a fixed value differing between Auth0 tenants for example?
Note that it is possible for example to pass additional parameters from the client application (that makes the authorization request) available within the password reset page, via:
var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));
console.log(JSON.stringify(config));
This might be an option, dedending on use case and type of ‘env variable’.
Ok I see, so we should add the snippet and for example the API secret pass it by env_vars?
For the environment vars we have 3 differents domains/accounts here in Auth0 we want to use the github deployment extension, so I want to ask, can we use the same github repository with three different webhooks and each domain consume from a different branch?
And the for the environment question, the chat has an API_ID that we should pass it as env_var, so I don’t know if we should use keywords or tenants configs.
For the environment vars we have 3 differents domains/accounts here in Auth0
With “3 different domains”, do you mean domains that are used by your client applications (which are all using the same Auth0 tenant for login), or are you referring to the custom domains that can be used in Auth0 (and thus using 3 different Auth0 tenants)?
In other words, do you handle everything in one Auth0 tenant or in multiple ones?
Sorry yes we have different accounts for each environment and one Github repo for all of them.
If it’s different Auth0 accounts or tenants, then yes, it can be done via environment variables; similar approach as if you use different tenant for dev/stag/prod.
(If it were only one Auth0 tenant, the env variable approach wouldn’t work because there’s only one template available for i.e. all client application within an Auth0 tenant.)
However, it’s not possible to store API secrets in the password reset page securely. The customization to login and password reset page is frontend code only, no way to put an API secret into the page in a secure way. It would also be visible in the source view via browser. So, if the chat script requires such API secret, I don’t see a good way to handle this.
Thanks for your reply @mathiasconradt, quick question I don’t quite understand how to add an env var, what I need is to add a var like APP_ID and that variable be consumed by the password reset html page.