“parity gap is being assessed and will be addressed before Rules Removal” across the board is not an update that inspires confidence.
When will timelines be available? Will the replacements be rolled out before hard deprecation in Nov 24 or before rules are removed from new tenants in Oct 23?
What about the Authorization Extension will that be deprecated alongside Rules or will it be updated/supported?
If it’s getting deprecated too are you adding Groups support to the core Auth features?
Yes it’s gonna be addressed you can check the response here:
We’ve already moved everything we could on actions, however, your rules’s deprecation notice without providing at least the SAME functionality on actions is a HUGE problem for us.
Problem: rules allow account linking via API and switching context for the right linked user using context.primaryUser (see Context Object Properties in Rules, Context Object Properties in Rules). Actions do not (as for today). This is a huge pitfall and must be addressed by you
The problem is the same as the one described by fran.pregernik here above:
First case: Automatic link of Social login and DB user with same email.
Here are some posts from other users which have the same problem:
“changing the user context as described here apparently relies on now-deprecated functionality from the
v1programming model for thePostLogintrigger. As it stands today, only thecontext.primaryUsermethod works to change the primary user (see Context Object Properties in Rules for more details), and this only works within a Rule context.”
So what we should do? It is clear that we expect from you that Context Object Properties in Rules Context Object Properties in Rules need to have a similar alternative with Actions, with context.primaryUser working on actions as it is now with rules (at least as it used to work with actions in 2021!).
You have paying customers relying on this functionality now in Production.
It is fine to set a deprecation notice on rules, but at least you need to provide an easy to migrate option with Actions, without asking us to re-implement all auth flows!
When this functionality will be restored on Actions (it used to work in 2021)?
Can you provide an ETA?
Hey there!
We’re actively working on all those gaps reference above and expect to have these available in the coming months before the start of the EOL. We are also considering an interactive Q&A sessions where for a few hours we will have the Rules and Hooks team (product managers and engineers) jump in to answer your questions live. We will let you know once we have more updates on that front. Thank you!
We use Active Directory login and we need to get a list of user AD groups to build access token with appropriate permissions. It works fine in Rules, we tried event.user.groups in Actions but it’s not working. Is there another way to get user’s Active Directory groups or it’s not implemented yet? Are you going to implement that before disabling rules and hooks?
Hey there everyone!
Got a bit of a new update. We don’t have final dates for addressing the gaps BUT for sure all the gaps should be addressed by Q2 apart from account linking which is target at Q3. Thank you for your understanding!
Quarters of which year? Q2 2023 ended 4 days ago
Sorry I meant our company Q2 in terms of our fiscal year. It’s moved by one month so our Q1 starts in February
Hi, does the end of life for rules and hooks affect any of the hooks in the Delegated Administrations Dashboard Extension?
Is it documented anywhere what the gaps are that are being addressed?
Hey there everyone!
Our OktaDev YouTube channel recently released a how to video on migrating from Auth0 Rules to Hooks and I wanted to share it here with you:
Just to make sure, you are talking about your company Q2 2023, right? So that would mean by the end of this month?!
Q2 2023 of Okta Fiscal year. Our fiscal year starts in February so Q2 ends at the end of July.
And here’s also another how-to video for migrating Auth0 Hooks to Actions:
Several folks have mentioned this above but I don’t see it addressed in any official comments here: the event.user object in the action does not have access to custom parameters set on the user profile, including those sent in an access token by the idp (even though those params are stored in the user profile). Is there an update on when/whether this will be available in actions?
I haven’t had a chance to test this yet, but I believe that a combination of the new claims mapping feature and Actions should solve this.
The feature is being rolled out currently. It’s not available in the region (eu-1) of my test tenant yet.
See Configure PKCE and Claim Mapping for OIDC Connections for how to configure claim mapping.
I’m interested to know if this really is the alternative we’ve been waiting for. Feel free to share your results if you manage to try it out
And how do you use actions instead of hooks with the Delegated Administrations Dashboard? The documentation just mentions hooks for now: Delegated Administration: Hooks
