Custom Database Connection and Action Script Best Practices

Availability varies by Auth0 plan

Both your specific login implementation and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read Pricing.

Extensibility allows admins to add custom login in Auth0 as a mechanism for building out last-mile solutions for Identity and Access Management (IdAM). Each extensibility type uses Node.js and runs on the Auth0 platform in an Auth0 tenant.

Auth0 Extensibility comes in several forms:

  • Actions: Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points within the Auth0 platform. Use actions to customize and extend Auth0's capabilities with custom login.

  • Rules: Run when artifacts for user authenticity are generated. For example:

    • ID Token in OpenID Connect (OIDC)

    • Access Token in OAuth 2.0

    • An assertion in SAML

  • Hooks: Provide additional extensibility when there is an exchange of non-user-related artifacts and when user identities are created such as pre-user registration and post-user registration.

Below are some best practices for using Auth0 Extensibility products:

  • Scripts for both custom database connections and migrations are used to integrate with an existing user identity store or where automatic user migration from an independent or legacy identity store are required. For more more configuration information, review Create Custom Database Connections.

  • To avoid user duplications, set a consistent user_id on each returned user profile. Additionally, ensure that you don't return the same email address for two different users in the get_user or login script and make sure both scripts return the same user.

  • To support backwards compatibility, app_metadata is called metadata in custom DB scripts. Since data transfer can be interrupted, use an Action to fetch the metadata that should be in app_metadata or user_metadata if it's missing.

  • Ensure you restrict access to the audience with an Action.

Auth0 Extensibility is a comprehensive and sophisticated capability to tailor IdAM operations, but can also expose your database to improper or unintended use. The documents in this section highlight best practices to both designers and implementers; we recommend reading them in their entirety at least once, even if you've already started your journey with Auth0.

Learn more