Auth0 Community Ask Me Anything: Rules & Hooks and why Actions matter!

Hi there! I want to use an action to reject any request to change the role attribute in our app_metadata from our API
Basically I want roles to be set exclusively from the Auth0 dashboard.
is that possible? What would be the trigger?

You are moving away from Rules and Hooks, towards Actions. In terms of that, does Auth0 have any plans related to Actions and Auth0 pricing plan that we can expect this year?

Is there like a single source / doc where we can find all the information about migrating to Actions? No matter if that’s about Rules or Hooks.

I really like the format of Auth0 Blog. Do you plan to release more Actions related content through Auth0 blog articles?

1. Dose Action support the modifying the scope?
2. In Rule, we were having ‘Rule config’ section to store global config. How are we going to manage this with Auth0 Actions?
3. Does Action will get execute during the ‘Client Credentials Flow’? As Rules were not executing during ‘Client Credentials Flow’. [Ref -Rules Execution Best Practices]

Would you say that this doc is the best starting point for somebody who wants to start working with Actions or is working on Rules & Hooks migration?

I still have the question about the delegated administrations extension:
…so I need to convert the Delegated Administration Extension’s hooks to actions but I don’t see anything in the documentation about how to map the various hooks to appropriate actions or what methods in an action to use for them.
There are: Filter Hook, Access Hook, Membership Query Hook, Settings Query Hook and Write hook.
I can’t find any info on which type of action to rewrite them into, is it a Login/Post login or M2M or a specific method on one of these actions?
How would they fit into the flow are there any specifics to be aware of?
Are there examples anywhere I can refer to?
Thanks in advance!

Actions console logging is very limited:

1. max log line is 127 char
2. in a post-login action, if you console log in the onContinuePostLogin function, all logs in the onExecutePostlogin function is now shown the in the monitoring → logs events.

Logging is very useful for debugging. I understand performances issues at production but during development is essential.

Inconsistent handling of user_metadata area among Auth0 functionalities.

Some functionalities like the fetchUserProfile script cannot save (=it is not supported) in the user_metadata object. This is a non sense as the purpose of the script should be to retrieve user data. We are now using the work-around to save custom user data on the top level of the profile.

Other functionalities like the actions work only on user_metadata. They cannot access to custom user data at the root of the profile.

Example:

1. During OAuth authentication, via the fetchUserProfile script, I get the business address of the user. I cannot store it in the user_metadata so I use a custom ‘businessAddress’ object at top level of the profile.
2. Using a post-login action I redirect the user to a custom page to collect, for example, their interests. Using actions I can only save the interests field in the user_metadata.

At the end, I have user custom data both at the top level of the profile and inside the user_metadata. Not a very clean solution.

it would be nice to have all Auth0 functionalities to be able to access in read/write mode the complete user profile. As first step, let us use the fetchUserProfile to save data in the user_metadata. Thanks.

I really like the format of Auth0 Blog. Do you plan to release more Actions related content through Auth0 blog articles?

Hey gang, thanks for doing this.
I have 2 questions.

First one, how far are we in implementing pre-login hooks?
This is useful if I want to be able to inject last_login into app_metadata.previous_login before actually accessing them later.
This is because, the last_login quickly get written over once the user logged in and we have no opportunity to utilize that info for something else.

Second one, how far are we in the journey of writing the Actions in Typescript?
It would greatly increase developer productivity if we decided to move into that direction.
If we have decided otherwise, do you mind walk us through on why we decide to ditch Typescript?

Thanks !

Hello Stefan, abovedmenionted attributes are not part of standard Auth0 profile, this is why they are not mentioned in our docs, but we do expose custom attributes that are coming from external IdPs. Make sure you are using an Action with the latest API (v3)

Hello Jared, The groups attribute should be available here:event.user.groups , make sure that your Action is on the latest API (v3).

Hello Richard,The event parameter in Actions is immutable, to change attributes on the idToken, use api.idToken.setCustomClaim('picture', undefined);

Hello Mariano, we have example code provided in the following doc:

and they need to be adjusted to the business case of the client. As such getManagementApiToken is a place holder to get a token for Management API.

Hello Dan, we are actively working on an open source marketplace repo to allow developers and partners to contribute to the integration ecosystem around Actions, and this should be something to expect in 2024.

Hi Rueben, After Nov 2024, Rules and Hooks will not be available to all tenants. We will end of life these features and the login pipeline that involves Rules and Hooks will stop functioning.

All users must migrate their legacy Auth0 pipeline to Actions before the date.

You can now unlock deeper identity customization with Auth0 by Okta. Starting today, you can use advanced features in Auth0 Actions, which include SAML Mapping, Root-Level User Attributes, and Access Token Scope. These new capabilities enable you to seamlessly upgrade from Rules to Actions - our flagship extensibility product. You can learn more from our blogpost

Hello Lostfield, Access token scope modification is available in Actions now. Developers can freely add or remove claim scopes with custom APIs, enhancing the ability to meet overall security needs. Learn more about Access Token in our Docs.

Hello! We have a resourceful Developer Relations Youtube Channel with information and tutorials on Actions and how to migrate to Actions, while we are adding more tutorials, you can also check out Templates for Actions to start off your migration. You can find specific videos such as how to Migrate Hooks and Rules.