Auth0 by Okta Community Ask Me Anything: Rules & Hooks and why Actions matter!
Last week we held our Auth0 Community Ask Me Anything (AMA) online event on all things Rules & Hooks and why Actions matter, with our subject matter expert Oliver Wang, Product Manager at Auth0 by Okta.
Before we dive into a summary of the event, we want to thank you for your enthusiasm and insightful questions. This was by far the most active session in the whole series, so a huge thank you for your interest and contributions! As a token of our appreciation, we have awarded all participants a special community badge!
Here are the main highlights from the session:
-
Accessing groups from Azure AD
- We do expose custom attributes that are coming from external IdPs. Make sure you are using an Action with the latest API (v3).
-
Changing claims in ID tokens, once user authenticated successfully
- The event parameter in Actions is immutable. To change attributes on the idToken, use:
  api.idToken.setCustomClaim('picture', undefined);
-
Account Linking with Actions
- We have example code provided in the following doc, which needs to be adjusted to the business case of the client. As such, getManagementApiToken is a placeholder for getting a token for the Management API. Auth0 supports the linking of user accounts from various identity providers. This allows a user to authenticate from any of their accounts and still be recognized by your app and associated with the same user profile. We recommend that you use Account Linking in Actions, but you can also use the Account Linking Extension. You can find more implementation details in Auth0 Docs. Account Linking is done through the Management API, and switching the user account is available through api.authentication.setPrimaryUser(). This feature is only available in the latest version of the API for Post-login, so please make sure that you are using v3. You can find out more information in this doc.
-
Actions Open Source Marketplace
- We are actively working on an open source marketplace repo to allow developers and partners to contribute to the integration ecosystem around Actions, and this should be something to expect in 2024.
-
Rules & Hooks End of Life
- After Nov 2024, Rules and Hooks will not be available to any Auth0 tenants. We will end support for these features, and the login pipeline that involves Rules and Hooks will stop functioning. All users must migrate their legacy Auth0 pipeline to Actions before that date.
-
Setting scopes manually or overriding them
- Access token scope modification is available in Actions now. Developers can freely add or remove claim scopes with custom APIs, enhancing the ability to meet overall security needs. Learn more about Access Tokens in our docs.
-
Encoding / Decoding JWS Tokens
- Actions provides utility methods to encode and decode a JWS token, but you can encode your token and pass it to the external service following the code snippet below:
  // `token` is the JWS token you encoded earlier in the Action
  api.redirect.sendUserTo("https://my-app.exampleco.com", {
    query: { session_token: token }
  });
-
Extensions running with Hooks and Rules
- Any product or feature that is running on Rules and Hooks will not be impacted and will follow its product development cycle.
-
Pre-Registration and Post-Login Actions
- We are continuously adding more use cases to the pre-registration trigger but we have significantly more use cases and traffic in the post-login trigger.
-
Actions and Passwordless
- We don’t have support for Post User Registration Actions with Passwordless Signup yet. It is not supported in Early Access but the team is working on adding support for that.
-
Parity Gaps between Actions, Rules and Hooks
- We are working closely with the developer community to close off all feature parity gaps between Rules and Actions, while making our product secure with best practices. We have closed off major parity gaps but are evaluating some minor ones that might lead to risk against best practice. All valid parity gaps will be addressed before the end of the life of Rules. Please check our latest parity release here.
-
Information on migrating to Actions
- We have prepared detailed technical documents on how to migrate to Actions. You can follow the steps here and keep your Actions in the same order as your original Rules; the functionality should be identical. We also have a dedicated Move to Actions page that highlights feature comparisons, an Actions demo, and other resources to help you on your migration journey.
-
Delegated Administration Extension and Actions
- The Delegated Administration Extension (DAE) allows you to grant administrative permissions to a selected group of people without providing access to any other area. The Delegated Administration Extension can be leveraged through Actions, and you can find out more information throughout our docs. You can use the Authorization Core feature set to create and manage roles for the DAE using Actions.
-
Actions and TypeScript
- Unfortunately at the moment we’re not considering TypeScript for development.
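To illustrate the ID token claim and access token scope items above, here is an added example (not code from the AMA or from Auth0) of a post-login handler that treats `event` as read-only and makes every change through `api`. The `event.user.groups` property, the claim namespace, the group and scope names, and the `api` stub that lets it run offline are assumptions made for illustration.

```javascript
// In a deployed Action this handler is exports.onExecutePostLogin (usually async).
const NAMESPACE = "https://my-app.exampleco.com"; // assumed claim namespace
const ADMIN_GROUP = "records-admins"; // hypothetical group name
const ADMIN_SCOPE = "delete:records"; // hypothetical API scope

function onExecutePostLogin(event, api) {
  // `event` is immutable; every change to the tokens goes through `api`.
  api.idToken.setCustomClaim("picture", undefined); // drop the claim, as shown above

  // Assumption: the connection surfaces upstream group names as event.user.groups.
  const groups = Array.isArray(event.user.groups) ? event.user.groups : [];
  api.idToken.setCustomClaim(`${NAMESPACE}/groups`, groups);

  // Least privilege: strip the sensitive scope unless the upstream group grants it.
  if (!groups.includes(ADMIN_GROUP)) {
    api.accessToken.removeScope(ADMIN_SCOPE);
  }
}

// Recording stub for `api` so the handler runs offline; it is not the Auth0 runtime.
function makeApiStub(requestedScopes) {
  const state = {
    idToken: { picture: "https://example.invalid/p.png" }, // constructed value
    scopes: new Set(requestedScopes),
  };
  const api = {
    idToken: {
      setCustomClaim(name, value) {
        if (value === undefined) delete state.idToken[name];
        else state.idToken[name] = value;
      },
    },
    accessToken: {
      addScope: (scope) => state.scopes.add(scope),
      removeScope: (scope) => state.scopes.delete(scope),
    },
  };
  return { api, state };
}

// Constructed sample login: frozen event, two requested scopes.
function runDemo(groups) {
  const event = Object.freeze({ user: Object.freeze({ groups }) });
  const { api, state } = makeApiStub(["read:records", ADMIN_SCOPE]);
  onExecutePostLogin(event, api);
  return { idToken: state.idToken, scopes: [...state.scopes].sort() };
}
```

A missing or malformed group list is treated as empty, so the sensitive scope is removed rather than left in place.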
You can now unlock deeper identity customization with Auth0 by Okta. Starting today, you can use advanced features in Auth0 Actions, which include SAML Mapping, Root-Level User Attributes, and Access Token Scope. These new capabilities enable you to seamlessly upgrade from Rules to Actions - our flagship extensibility product. You can learn more from our blogpost.
Did you miss the event or want to read through all the questions and detailed answers? Look no further! Visit the AMA Community Topic here.
What’s Next?
We’re hosting our next online AMA in Auth0 Community in February. More details to follow. If you are into Workforce Identity Cloud, we’re also hosting an AMA session with the Okta FastPass team on January 31st. You can already start submitting your questions here.
If you want to learn more about the Community AMA Series check out this Community category.
If you have a suggestion for a future AMA topic, please reply below with your ideas!
See you next time!