How can I authorize a post-registration action to access a protected endpoint?

andersco · February 21, 2022, 1:41pm

I have created a custom action for adding a user to my app’s database after they register via Auth0. That is currently working, with my app’s endpoint being called and the user being created.

However, I need to protect this endpoint in my app so that I only accept requests from the above action.

I am using a Next JS App and the API endpoint is part of the same app to which the user is registering. How can I authorize the post-registration action to have access to this protected endpoint?

For reference, this is the action and corresponding endpoint:

Custom action, triggered after user signs up

const axios = require("axios");

exports.onExecutePostUserRegistration = async (event, api) => {    
    await axios.post("<API URL>/api/users/new", { email: event.user.email });
};

Receiving Next JS API Endpoint that needs to be protected

I need to protect this endpoint so that it only accepts requests from the above action.

async function handler(req: NextApiRequest, res: NextApiResponse<Data>) {
  const email = req.body.email;

  if (!email) {
    res.status(400).send({ message: "Missing email parameter" });
    return;
  }

  const user = await createUser({
    email,
  });
  console.log("created user: ", user);
  res.status(200).send({ message: "user added", user });
}

Any tips or suggestions are appreciated!

jpw · September 22, 2022, 7:11am

I’m trying to do the same, did you find anything?

john.gateley · September 22, 2022, 2:49pm

Hi @jpw

I missed this the first time around. You can use the Client Credentials Grant (also known as Machine to Machine or M2M) to do this.

Set up an API in Auth0, and create an M2M application to use it. Then use Client Credentials grant in your rule, hook, or action to get the access token. Be sure to cache it to avoid high costs.

John

jpw · September 22, 2022, 6:13pm

Thanks for the reply, I was reading that you can’t cache tokens in an action, has that changed and is there a guide for that?

john.gateley · September 23, 2022, 1:06pm

Hi @jpw

Use a rule instead of actions, you can cache there.

John

konrad.sopala · January 8, 2024, 12:24pm

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

Topic		Replies	Views
Auth0 post registration action with Next.js? Help login-experience , signup-prompt-new-experience	2	1431	August 11, 2023
How can I make a post request to API after a user signs up? Help user-profile , user-management	4	2479	December 12, 2023
How to access my custom protected API, created in Next JS Help management-api , client-grants	4	516	April 18, 2024
Actions is not working for PostUser Registration Help configuration , application	4	116	June 28, 2024
Validating actions request for machine to machine Help apis , application	1	830	January 8, 2024

How can I authorize a post-registration action to access a protected endpoint?

Custom action, triggered after user signs up

Receiving Next JS API Endpoint that needs to be protected

Related Topics