Authenticate calls from auth0 hooks to my server

app.charttt · May 8, 2020, 10:02pm

I want to call my server from postRegistration hook.
I can write my own authentication layer for that, but I guess there’s already something that I can use.
The hook function looks like this: function (user, context, cb)

Looking at the context object, I’ve found that all of the following contain the same secret:
context.webtask.data.auth0-extension-secret
context.webtask.headers.authorization
context.webtask.meta.auth0-extension-secret
context.webtask.secrets.auth0-extension-secret

And all of the following contain the same jwt:
context.webtask.headers.x-wt-token
context.webtask.storage.backchannel.requestDefaults.headers.authorization
context.webtask.storage.backchannel.token
context.webtask.storage.token

I’m not even sure what fields from the context am I supposed to be using. Most of it looks like details of the request between auth0 and webtask.io (the service that auth0 are using to run my hook script)

So - can I use the secret or JWT as authentication to my own server? If I can, which path in the context should I prefer?

Thanks

dan.woda · May 11, 2020, 9:26pm

Welcome to the Community @app.charttt!

To make the call between your hook and server, you should be using a M2M flow. Check out this FAQ about making the call from a rule, it is a very similar scenario:

system · May 26, 2020, 9:26pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.