Onboarding flow

Ok after some diggin into actions, hooks and rules I just ask here for any solution which simply provides some sort of an onboarding process for new registered users. I am really stuck and all my attempts are ending in nothing… So is there a way I can simply route a new user to an onboarding page in my application and after providing some information which are getting send to my API the auth flow works as usual?!

So basically this is what I want to achieve:

  1. User registers over auth0
  2. With registration an additional prop is set to app_metadata (onboarded = false)
  3. The user logs in, the onboarded prop is being checked and if false the user will be redirected to myapp.com/onboarding, if true he will be redirected to myapp.com/home
  4. If the user is in onboarding, a form will be presented which should be filled out with some data and on submit the data is sent to an API which is used along with auth0 (as audience)
  5. After the API responds successfully the onboarded prop should be updated to true or just deleted
  6. The user will be redirected to myapp.com/home

Any help would be highly appreciated…

What I have done so far:

  1. Created a hook which adds app_metadata.hasOnboarded on user registration
  2. Created configuration variables CLIENT_ID, CLIENT_SECRET and ISSUER
  3. Created the following rule:
function redirectToOnboardingForm(user, context, callback) {
  const url = require('url@0.10.3');
  const req = context.request;
  var hasOnboarded = user.app_metadata && user.app_metadata.hasOnboarded;
  function createToken(clientId, clientSecret, issuer, user) {
      const options = {
        expiresInMinutes: 5,
        audience: [
        issuer: issuer,
      return jwt.sign(user, clientSecret, options);

  // redirect to onboarding form if user has not yet onboarded
  if (!hasOnboarded && context.protocol !== 'redirect-callback') {
    const token = createToken(
        sub: user.user_id,
        email: user.email,
    context.redirect = {
      url: `http://localhost:8080/onboarding?token=${token}`

  // if user clicked has successfully onboarded, persist it to their profile
  // so they don't get redirected again
  if (context.protocol === 'redirect-callback') {
      user.app_metadata = user.app_metadata || {};
      user.app_metadata.hasOnboarded = true;

      auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
          callback(null, user, context);

  callback(null, user, context);
  1. ToDo: Send onboarding data to my API (missing a valid token?!)
  2. When submit to API successful call mypage.com/continue?state=

I need to set the alg of the jwt to RSA256: So I added this to my options:

algorithm: 'RS256'

But this causes my app to crash:
Oops... error:0909006C:PEM routines:get_name:no start line

It looks like the certificate isnt valid here!

According to some other posts on this topic I think no one has ever figured this out! Ive been on this for 2 days now…