Enforce PKCE with Actions

auth0.knowledge2 · March 26, 2025, 5:00pm

Overview

This article will provide a step-by-step guide on how to enforce Proof Key for Code Exchange (PKCE) using post-login actions.

Applies To

Proof Key for Code Exchange (PKCE)
Actions

Solution

Navigate to https://manage.auth0.com/;
On the Dashboard, click on Actions > Library
On the top right corner, click on Create Action > Build From Scratch
Choose the desired name, and the Trigger should be Login / Post Login
Use the code snippet provided below and adjust it as required
Deploy and add the action to the trigger

exports.onExecutePostLogin = async (event, api) => {

 const code_challenge = event.request.query.code_challenge;




 if (!code_challenge) {

  api.access.deny("You are not allowed to Login")

 }

};

Topic		Replies	Views
PKCE code is dropped on sendUserTo Integrations auth0 , pkce	1	1162	October 31, 2023
Force email verification using Actions Get Help verification-email , actions	3	9146	January 26, 2022
Android SDK with PCKE Get Help android	4	3468	March 3, 2020
Monthly Quick Tips Announcements	1	961	September 20, 2023
Custom Action: user stays logged into Auth0 after api.access.deny Get Help login-experience , new-universal-login-experience	10	143	September 25, 2024

Enforce PKCE with Actions

Overview

Applies To

Solution

Related topics