How to: Enrich Users' Profile with Auth0 IP Signals and Rules

What are User Profiles?

User profiles contain information about your users, such as name and contact information. User information is stored in a user profile and can come from a variety of sources such as identity providers, your databases, and enterprise connections (Active Directory, SAML, etc.). The user profile attributes can also include information from the authenticating services (such as Facebook or LinkedIn).

Auth0 allows you to store metadata, which is data related to each user that has not come from the identity provider. You can use user_metadata to store custom attributes such as the user’s favorite color or hobby.

You can learn more about User Profiles here.

What are Auth0 Rules?

Rules are JavaScript functions that execute when a user authenticates to your application. They run once the authentication process is complete, and you can use them to customize and extend Auth0’s capabilities. For security reasons, your Rules code executes in a sandbox, isolated from the code of other Auth0 tenants.

Among many other possibilities, rules can enrich user profiles: they can query an external database or service for information on the user and add it to the user profile object.

Rules are a crucial component of the extensibility capabilities of Auth0, and you can learn more about Rules here.

The goal: enrich User Profiles with Auth0 Signals information

This article will explain how to enrich the User Profile using Auth0 IP Signals with this information:

  • The list of blacklists, if any, in which the Auth0 Signals service found the source IP address used to authenticate.
  • The country, continent, and autonomous system (AS) of the IP address used to authenticate.

We will need to create two rules: one rule for the blacklists and another rule for the geolocation information. The rules will store the metadata information in the user_metadata data structure.

Prerequisites

Sign up for an Auth0 account

If you haven’t already signed up for an Auth0 account, do so (it’s free). You can either use username and password or log in with a social provider (such as Facebook, Google, or Apple). If you are not familiar with Auth0, you can learn the basics here.

Sign up for an Auth0 Signals account

Auth0 Signals and Auth0 are two different services, and users need to sign up for both to use them. Please read this short tutorial if you don’t have an Auth0 Signals account yet.

An application using Auth0

If you already have an application using Auth0 to authenticate your users, then you are ready to go. If you don’t want to use your existing app/service or still don’t have an application using Auth0, you can use these training labs.

Install & Configure the Rules

GitHub public repository

There is a public GitHub repository with the source code of the rules used in this article: auto0-signals/signals-rules

Rules installation

Auth0 Signals needs a valid API Key. You can obtain the API Key as described here. To make this API Key available to all the rules, you have to add it as a Global Variable:

  1. Open the Auth0 Dashboard, and locate the Settings section.

  2. Enter the variable key/value pair: AUTH0SIGNALS_API_KEY/Your API Key and click Add.

Now you have to copy and paste the rules:

  1. Navigate to the Rules page in the Auth0 Dashboard, and click Create Rule.

  2. Select the rule template “Empty rule” at the top.

  3. Name the rule, copy the source code of the rule, and click Save Changes.

Repeat this process for both rules.

Rule 1: Enrich User Profiles with blacklists

This rule will add a new source_ip attribute to the user_metadata of all User Profiles. The source_ip will have a blacklists attribute containing an array of blacklist IDs, obtained by querying Auth0 IP Signals about the IP address of the user’s last login. This information will be updated when the user signs up and each time the user signs in. The source code of the rule is in GitHub.

If the IP address is not found in any dataset, then the user_metadata should have the following content:

{
  "source_ip": {
    "blacklists": [],
    "ip": "AAA.BBB.CCC.DDD"
  }
}

If the IP address is found in one or more datasets, the blacklists array will show their IDs:

{
  "source_ip": {
    "blacklists": ["TOR","STOPFORUMSPAM-1"],
    "ip": "AAA.BBB.CCC.DDD"
  }
}

Rule 2: Enrich User Profiles with geolocation and network data

This rule will add a new source_ip attribute to the user_metadata of all User Profiles if it has not been created yet. The source_ip will have:

  • country_code: ISO 3166-1 country code.
  • continent_code: The continent codes are AF, AN, AS, EU, NA, OC, SA.
  • asn: Autonomous System number.
  • asn_name: Autonomous System name.

Auth0 Signals will return this information when queried about the IP address of the user’s last login. This information will be updated when the user signs up and each time the user signs in. The source code of the rule is in GitHub.

The rule will always return these attributes, for example:

{
  "source_ip": {
    "ip": "AAA.BBB.CCC.DDD",
    "country_code": "ES",
    "continent_code": "EU",
    "asn": "3352",
    "asn_name": "Telefonica De Espana"
  }
}

What to do next?

Now every time a user signs in, this information will be stored in the user_metadata. We can keep this data for informational purposes only, or we can try to modify the authentication workflow as follows:

  • Modify an existing rule or add a new one that executes after the original rules, checks the information they stored, and makes a decision. For example, if the blacklists array contains any blacklist, then the authentication workflow is not authorized.
  • Use the Management API to read the metadata and take the actions needed in your application.
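
One way to write the follow-up rule from the first bullet, as an added example that is not part of the original post or of the rules repository. The function name, the two policy constants and the sample IP addresses are assumptions; the UnauthorizedError class stands in for the global of that name in the Rules sandbox so the block also runs under plain Node.js, and only the rule function itself would be pasted into the Rules editor.

```javascript
// Stand-in for the UnauthorizedError global that the Auth0 Rules sandbox
// provides; defined here only so the example runs under plain Node.js.
class UnauthorizedError extends Error {}

// Hypothetical policy settings (assumptions, not part of the original rules).
const TOLERATED_LISTS = new Set(); // blacklist IDs that should not block a login
const FAIL_CLOSED = true;          // deny when enrichment data is missing or stale

// Must be ordered after the two enrichment rules: it reads what they
// stored in user_metadata.source_ip.
function denyBlacklistedSourceIp(user, context, callback) {
  const sourceIp = (user.user_metadata || {}).source_ip;
  const requestIp = context.request && context.request.ip;

  // The stored record has to describe this login, not an earlier one.
  const fresh = Boolean(sourceIp) && Array.isArray(sourceIp.blacklists) &&
                sourceIp.ip === requestIp;
  if (!fresh) {
    return FAIL_CLOSED
      ? callback(new UnauthorizedError('IP reputation data unavailable for this login.'))
      : callback(null, user, context);
  }

  const hits = sourceIp.blacklists.filter((id) => !TOLERATED_LISTS.has(id));
  if (hits.length > 0) {
    // Keep the list names out of the user-facing message; log them instead.
    console.log(`login denied for ${user.user_id}: ${requestIp} listed in ${hits.join(',')}`);
    return callback(new UnauthorizedError('Access denied from this network.'));
  }
  return callback(null, user, context);
}

// Constructed sample input, shaped like the user_metadata shown above.
function simulate(blacklists, storedIp, requestIp) {
  const user = {
    user_id: 'auth0|sample',
    user_metadata: { source_ip: { blacklists, ip: storedIp } },
  };
  let outcome;
  denyBlacklistedSourceIp(user, { request: { ip: requestIp } }, (err) => {
    outcome = err ? `denied: ${err.message}` : 'allowed';
  });
  return outcome;
}
```

Setting FAIL_CLOSED to false lets logins through when the enrichment rule did not run or the Signals lookup failed, which trades protection for availability.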

This is awesome, thanks for putting it together @parrilla! Please let us know if you have any questions, everyone!
