Configuration

Configuring Auth0 Action Settings

  1. Add a Login/Post Login trigger for your action.
  2. In the dependency name field, enter axios and choose a version. We recommend using the recommended environment.
  3. Save your Action.

To add custom authentication logic:

  1. Paste the following sample Auth0 Action Script in the provided Auth0 code editor:
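exports.onExecutePostLogin = async (event, api) => {
  const axios = require('axios');
  // Replace {your-address} with your address; keep the rest of the path unchanged.
  const idpHookUrl = "https://{your-address}/idp-hook/auth0/action";
  // Prefix added to every claim key returned by the hook.
  const keysPrefix = "https:";
  const headers = {
    "Content-Type": "application/json",
    // Sample values: replace with your PlainID Client ID and Secret.
    'x-plainid-client': 'POBBVWIKIYVE5PX4FDZU',
    'x-plainid-secret': '5BQVXOpRg4MvPcmI2vp0XcHi0xTayBFsF5CODZsM',
    // 'x-plainid-workspace': '<workspaceId>' // Optional
  };

  try {
    // Send the login event to the PlainID hook.
    const response = await axios.post(idpHookUrl, event, { headers });
    if (response && response.data) {
      // Add each returned key/value pair to the ID token as a prefixed custom claim.
      for (const [key, value] of Object.entries(response.data)) {
        api.idToken.setCustomClaim(`${keysPrefix}${key}`, value);
      }
    }
  } catch (error) {
    // A failed hook call is logged and the login continues without the extra claims.
    console.error("error >>", error);
  }
};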
  2. In the code editor, replace the address in the idpHookUrl parameter with your address. The rest of the endpoint should remain unchanged.
    • Optional: Change the keysPrefix to your preferred key name.
  3. In the 'x-plainid-client' and 'x-plainid-secret' parameters, enter your PlainID Client ID and Secret.
    • You can also refer to Auth0's article on Adding a secret if preferred.
    • Optional: Enter your workspaceID in the x-plainid-workspace parameter if needed. If it is not set, the entityType is used. If it is set, the entityType value is taken from the workspaceID value and is used in the Runtime request.
  4. Click Deploy.
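
A hardened variant of the Action above, as an added example (not PlainID's or Auth0's own script): it reads the credentials from Action secrets, keeps event.secrets out of the request body, and sets claims only when the hook returns a JSON object. The secret names PLAINID_CLIENT_ID and PLAINID_CLIENT_SECRET, the helper function names, and the 5-second timeout are assumptions.

```javascript
// Added example: not PlainID's or Auth0's published script.
// Assumed Action secret names: PLAINID_CLIENT_ID, PLAINID_CLIENT_SECRET.
const IDP_HOOK_URL = "https://{your-address}/idp-hook/auth0/action";
const KEYS_PREFIX = "https:";

// Build the hook request from the Action event. Returns null when the
// credentials are not configured, so the caller can skip the call.
function buildHookRequest(event) {
  // event.secrets is part of the event object; strip it so secrets are
  // sent only as the two headers below, never in the JSON body.
  const { secrets = {}, ...body } = event;
  if (!secrets.PLAINID_CLIENT_ID || !secrets.PLAINID_CLIENT_SECRET) return null;
  const headers = {
    "Content-Type": "application/json",
    "x-plainid-client": secrets.PLAINID_CLIENT_ID,
    "x-plainid-secret": secrets.PLAINID_CLIENT_SECRET,
  };
  return { body, headers };
}

// Copy hook response keys into ID token claims. Anything other than a plain
// object (an HTML error page, an array) is ignored: Object.entries() on a
// string would otherwise yield one claim per character.
function applyClaims(data, api) {
  if (data === null || typeof data !== "object" || Array.isArray(data)) return 0;
  let count = 0;
  for (const [key, value] of Object.entries(data)) {
    api.idToken.setCustomClaim(`${KEYS_PREFIX}${key}`, value);
    count += 1;
  }
  return count;
}

const onExecutePostLogin = async (event, api) => {
  const axios = require("axios");
  const request = buildHookRequest(event);
  if (!request) return console.error("PlainID Action secrets are not set");
  try {
    const { body, headers } = request;
    // Assumed 5-second timeout so a slow hook cannot stall the login.
    const response = await axios.post(IDP_HOOK_URL, body, { headers, timeout: 5000 });
    applyClaims(response && response.data, api);
  } catch (error) {
    // Log the message only; the full axios error includes the request
    // config and with it the x-plainid-secret header.
    console.error("PlainID hook call failed:", error.message);
  }
};
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```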

Defining a Flow

Flows let you organize the order in which your Actions are executed. See Auth0's Explore Flows and Triggers article to learn more.

To define a flow:

  1. In the Flows section, drag your relevant Action between Start and Complete.
  2. Click Apply to save the flow.

Converting a Rule to an Action

Since Auth0 is deprecating Rules, we recommend that you begin converting your rules into actions. After determining which Rules are enabled for your Auth0 tenant, follow these steps to convert a Rule to an Action:

  1. Create a new Action to replace your Rule.
    • If migrating a Rule in a Production tenant, we recommend backing up your rule.
  2. Update your Rule logic according to the Actions programming model, using the latest supported version of NodeJS. See Auth0's article on Access to npm Packages for more information.
  3. Test your new Action to make sure it functions as expected.
  4. Deploy new Actions to Production tenants one Action at a time, disabling each existing Rule in parallel to creating a new Action.
  5. Repeat the above steps for your remaining Rules, until they are all converted to Actions.

Define the Auth0 Rule Settings

Deprecation Notice

Auth0 is phasing out Rules and Hooks. It is strongly recommended to transition to using Actions as they will soon replace Rules and Hooks.

Create a new Rule with the following parameters:

| Parameter | Value | Description |
|-----------|-------|-------------|
| Name | PlainID Access | Any name |
| Script | See example below | |

Sample Auth0 Rule Script

function plainidRule(user, context, callback) {
    user.user_metadata = user.user_metadata || {};
    // Replace the bracketed placeholders with your PlainID Scope credentials.
    var configuration = {
        "PLAINID_CLIENT_ID": "[PLAINID_SCOPE_CLIENT_ID]",
        "PLAINID_CLIENT_SECRET": "[PLAINID_SCOPE_CLIENT_SECRET]"
    };
    // The user, the login context and the configuration are sent to the hook.
    var body = {
        "user": user,
        "context": context,
        "config": configuration
    };
    var request = require('request');
    var options = {
        'method': 'POST',
        'url': 'https://[PLAIN_ID_URL]/hook/auth0?appPostfix=-V5',
        'headers': {
            'Content-Type': 'application/json',
            'x-plainid-client': '[PLAINID_SCOPE_CLIENT_ID]',
            'ngrok-skip-browser-warning': 'true',
            'x-plainid-secret': '[PLAINID_SCOPE_CLIENT_SECRET]'
        },
        body: JSON.stringify(body)
    };
    request(options, function(error, response) {
        // Report failures through the Rule callback instead of throwing
        // from this asynchronous callback.
        if (error) return callback(new Error(error));
        var object;
        try {
            object = JSON.parse(response.body);
        } catch (parseError) {
            return callback(parseError);
        }
        let idTokenClaims = context.idToken || {};
        context.idToken = idTokenClaims;
        // Add each returned key/value pair to the ID token under the "https:" prefix.
        for (const [key, value] of Object.entries(object)) {
            idTokenClaims[`https:${key}`] = value;
        }
        return callback(null, user, context);
    });
}

| Attribute/Parameter | Description |
|---------------------|-------------|
| PLAINID_SCOPE_CLIENT_ID | The PlainID Scope Client ID |
| PLAINID_SCOPE_CLIENT_SECRET | The PlainID Scope Client Secret |
| PLAIN_ID_URL | The PlainID Base URL, e.g.: acme-finance.us1.plainid.io |

Testing the Web-Hook

To simulate a user login to the web application, use an OIDC tool (e.g. https://oidcdebugger.com/). This tests the full integration and lets you review the token-enriched JWT that contains the relevant claims (keys and values). Sample configuration for https://oidcdebugger.com:

| Attribute | Value | Description |
|-----------|-------|-------------|
| Authorize uri | https://dev-0eddvg.us.auth0.com/authorize | The link to the defined Auth0 Client |
| Client ID | 44430oa7ldghffeeoOiif4f | The Auth0 Application Client ID |
| Response Types | Select all available values | |
| Scope | Openid | |

After configuring the settings, click “Send Request” to test the configuration.

If everything is set up correctly you will receive a JWT/Response with the relevant claims from the PlainID Access Policy, e.g.:

{  
  "sub": "00u7mdjdhdhdhjBky5d7",  
  "ver": 1,  
  "iss": "https://dev-0eddvg.us.auth0.com/",  
  "aud": "0oa7m66nxxZ30CEOg5d7",  
  "iat": 1673259158,  
  "exp": 1673262758,  
  "jti": "ID.fMPCup1auYv4cJWA8h_7rm2RpdWRfQ77uAWQh4OvFyo",  
  "amr": [  
      "pwd"  
  ],  
  "idp": "00o7ifadsdasddXcpgO5d7",  
  "nonce": "s9r39ftqr7dm",  
  "auth_time": 1673250531,  
  "at_hash": "RJasdfadsfSakS7s-YiwQ",  
  "c_hash": "f3tMasdfasdfz4DDKyyk2QKw",  
  "https:claimPortalRole": [  
      "Administrator"  
  ],  
  "https:DepartmentManagerLevel": [  
      "Senior"  
  ]  
}