Strategy or pattern to securely trigger post registration event in external system?


I’m aware of the Post User Registration Flow Action (Post User Registration Flow), and I’m aware that this could be the best way to trigger some action in an external system (the example from Auth0 docs is trigger a Slack message for example).

My question is specifically about what options or common strategies are used to do this securely - in my case, when a new user completes registration I want to create a number of new records / provision resources in an external system (ok, AWS!) that have costs and other ramifications associated with them. I want to make sure that the Auth0 action is only able to trigger this action, which means some sort of security / authentication / etc.

Is there any sort of common pattern for handling this? I’m thinking something like request signing, etc?

I’d very much appreciate any thoughts / wisdom / ideas!

1 Like


I am also looking for a similar solution. Does Securing a backend API with Post User Registration - #5 by dan.woda not show two ways to accomplish this?

I guess the question you need to ask yourself: Is the auth being done as a the User or M2M?