Extend your Auth0 identity workflows with Actions - powerful customization capabilities with an improved developer experience.
We're excited to announce the general availability of Actions, which simplifies your custom workflows for extending Auth0 and offers an improved developer experience from Rules and Hooks!
What Is Actions?
One of the core capabilities that Auth0 brings you is the power of serverless extensibility.
You might have used Rules already to execute custom code after your users log in, or Hooks which offer similar functionality around certain other extensibility points. If you have, you'll be forgiven for trying to remember which area to use for what purposes, or wonder why the experience of each is so different.
This is where Actions comes in.
Auth0 Actions provides a unified view across secure, tenant-specific, self-contained functions that allow you to customize the behavior of Auth0. Each action is bound to a specific triggering event on the Auth0 platform, which executes custom code when that event is produced at runtime.
Rules and Hooks Got Us Here
Rules are a really powerful feature of Auth0 and are possibly one of the biggest reasons we stand out from the crowd. They allow you to run custom code after the user logs in and before your tenant hands them back to your application. Being able to augment claims in ID and Access Tokens, call external APIs, or control MFA processes, to name just a few examples, is a game-changer for many.
If you've used them extensively, we're sure you've experienced some limitations.
For starters, we keep a curated list of around 2,000 npm packages that you can use in your scripts. Keeping the list up-to-date and adding new packages is constant work for us and frustration for you.
And a newly saved rule is immediately active, affecting the next user to log in - there's no easy way to test it before this time.
Hooks was our first attempt to improve the experience. The main difference was an improved code editor, and the ability to search for npm packages available in the curated list. You also got access to a more integrated code testing interface with direct access to logs.
By focusing on events outside of the authentication workflow, Hooks added five extensibility points you could tap into:
- Client Credentials Exchange,
- Post Change Password,
- Post User Registration,
- Pre User Registration, and
- Send Phone Message
There are still a few disadvantages, though. Each hook can only have one active script, and you still have the issue of needing to make custom code live to test it.
And of course, now your custom code is split between two locations in the dashboard.
Further, neither Rules nor Hooks have version history. While this is easily solved by using the Deploy Command-Line Interface (CLI) Tool, we wanted to provide this ability directly in the dashboard.
Top comments (0)