As I understand it, custom scripts are not required when using an Auth0 provided data store within my Auth0 connection. However, when trying to remove the custom scripts in our dev instance using the Auth0 Terraform provider, login fails and there’s no log entires within the Monitoring Logs. This surprises me because when initially creating the resource there were no custom scripts and login worked in all three of our tenants (dev, staing, production). In fact, in two of our tenants (staging, and production) it’s working fine without them. However, when removing them from dev is where problems arise in our dev instance. I believe someone might have used the management UI to change a resource in Auth0 which led to the script creation, but we’re not sure which change would have created these scripts.
I also noticed some weird behavior, that if I change the script for “change_password” to the string “blamo” (as opposed to a javascript function), then try to change the user’s password in the management portal, I get the following error: “Error! Sandbox Error: blamo is not defined”. This leads me to belive that custom scripts are in fact required, despite your Ask AI chat bot telling me they aren’t required. I’ve added screenshots to show this.
I’m confused about this and it’s causing us problems. Can you please clarify
What actions in the UI would lead to custom scripts being created for our Auth0 connection despite it only using an Auth0 provided data store
Why are these custom scripts unable to be deleted without breaking login, change password, and other functionality
Is it possible to delete the scripts without breaking login, change password and other functionality.
If you are using it as a regular database connection, then you need to disable the Use my own database option in your database settings.
In Terraform, you will need to include enabled_database_customization = false in your options object for your connection. (Reference: Terraform Registry)
Firstly, I have just checked your dev tenants and noticed in the logs that there were successful login events (s log event type). Secondly, I verified that your settings are correctly configured with the custom database option disabled.
Based on your last bullet point about the login failing because it is asking for custom_scripts.login to be a valid javascript function, it seems like it’s expecting something like the following:
If you have set the custom_database_customizations = false, then you might need to also omit the custom_scripts = {} code block to prevent any unwated issues arising from an undefined or empty custom script.
I had to re-add the custom_scripts after our dev tenant functionality (login, forgot_password, etc.) was broken when setting custom_scripts = {}.
Here’s the order of operations we had while trying to understand and fix the problem:
Initial setup with Terraform, using custom_scripts = {} → login working
Custom scripts somehow (accidentally in the UI?) populated with JS scripts between steps 1 and 3 → login working
Setting custom_scripts = {} → login broken
Re-add valid functions, like the one you described, to custom_scripts → login working
Set custom_scripts = {}, or remove custom_scripts = {} → login broken,
This leads me to believe that custom_scripts needs to be populated with valid javascript functions in order for login to work, however, it was previously set to an empty object on multiple tenants (including this very dev tenant), which is where my confusion around this arises. The documentation also suggests this should be working, which makes me nervous since we’ll use the same module as dev in our production instance.
This leads me to the question: why is custom_scripts requiring valid JS functions with custom_database_customizations = false on this tenant when other tenants didn’t require this setting?
I hope that helps clarify what we’re experiencing, how we’ve narrowed down the issue, and why we’re confused about the configuration around custom_scripts and custom_database_customizations.
I’m glad the login is working now after including the default custom_scripts. This is also justified by the example from Terraform, which includes these scripts for a regular database connection.
It seems that the reason for requiring the empty scripts must have something to do with the way the it expects it to be non-empty to define the database connection correctly. This setting looks like it needs to be defined even if it’s unused.
