Hey everyone! I am looking for some guidance on the proper implementation of an Auth0 post user creation hook. Basically what I am trying to do is fire off a post request to my sever with details of newly signed up user. I have implemented that using Axios, which was fairly strait forward. I am however looking to secure that API on my side, one method would be to simply white list the IP’s of the Auth0 Sever, however I don’t consider that a secure API.
I looked around on the documentation and a Bearer token is able to be passed over in the API request. My only issue is that no audience is specified which I believe is required for my API to authenticate. Does anyone have any best practices or a sample document on this type of implementation?
This type of setup is a form of M2M Authorization.
You can configure your API in the dashboard, register the hook as an M2M application (client), set up their permissions, then request an access token directly from the hook.
If you were using node for example, this shows you how to set up your API:
I successfully implemented a M2M to generate and token to then use on my API. Basically I have two asynchronous functions, one grabs a token then the other makes the actual post request. It performs this each time for the pre and post user registration. Is there the ability to store that token so we are not hitting the Auth0 servers for each request?
The only thing I can think of would be using hook secrets, but I don’t think this will persist across hook types.
To clarify what you are asking, are you wanting to share the token between a pre-reg and a post-reg hook (I don’t think this is possible, but you can try it), or share the token between two different signup events (this may be possible)?