Understand How Auth0 Actions Work
Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points within the Auth0 platform. Actions are used to customize and extend Auth0's capabilities with custom logic.
Auth0 Actions uses modern JavaScript's promise-based programming model, a basis for asynchronous functions in Actions.
The processes that can be extended in this way are called triggers. Trigger groupings represents the logical pipeline through which information moves during a single point in the Auth0 journey. Multiple Actions can be added to a trigger, with each Action executing in the order in which it was placed. Some triggers are executed synchronously, blocking the flow in which they are involved, and some are executed asynchronously, as indicated in the table below.
Actions are a cornerstone to our overall extensibility product at Auth0. With Actions, you can add essential custom logic to your login and identity flows specific to your needs. Actions also allow you to connect external integrations that enhance your overall extensibility experience. For example, you can add an Action to your login trigger to verify credentials such as a License or Passport using a Marketplace Partner who specializes in identity proofing.
What can you do with Actions?
What an Action can do is determined by where it is executed within the Auth0 runtime environment.
When a user is added to a database or passwordless connection.
| Trigger | Description |
|---|---|
pre-user-registration |
Triggers before a user is created. Does not run for social connections. |
post-user-registration |
Triggers asynchronously after a user is created. Does not run for social connections. |
login-post-identifier |
Triggers after a user has been identified, but before they have been authenticated. |
post-login |
Triggers after a user is authenticated but token hasn't issued. |
When a user logs in to any application.
| Trigger | Description |
|---|---|
login-post-identifier |
Triggers after a user has been identified, but before they have been authenticated. |
post-login |
Triggers after a user is authenticated, but before a token is issued. Learn more about post-login trigger |
When a password reset request is initiated.
| Trigger | Description |
|---|---|
post-change-password |
Triggers after a password is changed. Does not run for Social connections. |
password-reset-post-challenge |
Triggers after the first challenge is completed and before the password is reset. |
When using SMS as a factor for Multi-factor Authentication (MFA) or to configure a custom provider.
| Trigger | Description |
|---|---|
send-phone-message |
Triggers when using a custom provider to send the messages for the enrollment and the challenge process. Does not run social connection. |
Key benefits of Actions
Improved developer experience
When editing an Action within the Auth0 Dashboard, you will have access to rich type information and inline documentation about what is possible within each trigger, which makes it easy to discover what capabilities each Trigger supports.
An Action can be edited and tested without affecting the version that is currently serving production traffic.
If an issue is found within an Action, it can be rolled back to a previous version.
Access to npm packages
Nearly all public npm packages are available to be used within Actions.
Observability
When Actions are executed, Auth0 will capture key metrics about them and link them to Auth0 Logs.
Multiple Actions on every trigger
Every Action trigger supports multiple independent Actions.
Get started
See the current limitations of Actions.