Configuration

To set up Auth0 in the backend, you will need to get the following Auth0 environment variables and add the email to the access token.

AUTH0_DOMAIN=your_domain
AUTH0_CLIENT_ID=your_client_id
AUTH0_CLIENT_SECRET=your_client_secret
AUTH0_AUDIENCE=your_audience

Domain

To get the domain, you have to go to the API section found under the applications tab on the Auth0 dashboard, and create a new API.

This will create the API and an application with Machine to Machine (M2M) type.

Once done, you can access the application that was automatically created, copy the domain and paste it on the environment variables.

Management Client ID and Management Client Secret

By default, auth0 provides an api and an application called "Auth0 Management API". This will let you do all the things you're able to do on the dashboard, but with an API.

To use it, you have to get the keys and activate some permissions.

To get the keys, you have to enter to the "Auth0 Management API" found in the application section.

There you will see the Client ID and the Client secret. Copy both and paste them in the environment variables.

Also, you will need to activate some permissions to use certain functionalities such as the "Send verification email" endpoint.

For that, you have to go to Applications > APIs section > Auth0 Management API > Machine To machine Applications > Auth0 Management API (Test Application), and activate the "update:users" permission:

Management Audience

You can copy the Auth0 Management API audience in the APIs section.

Adding the email to the access token

When the users call the /auth/register endpoint, the API gets the user's email from the access token, and saves it to the database. But, by default, the email is not included on the Auth0 access token.

To add it, we need to create an Auth0 action flow. For that, you need to go to the Auth0 actions library and create one with the "Build Custom" button.

Once done, a modal should appear. Fill every field like shown in the image:

Open the custom action, paste this code and press deploy.

Replace the namespaces with your tenant.

exports.onExecutePostLogin = async (event, api) => {
  const namespaces = "https://test-roles.us.auth0.com";

  if (event.authorization && event.user.email) {
    api.accessToken.setCustomClaim("email", event.user.email);
    api.accessToken.setCustomClaim(`userRoles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespaces}/roles`, event.authorization.roles);
  }
};

Now you just need to add your custom action into a flow. For that you need to go to the flows section and choose "Login".

Then drag the custom action to the flow.

PreviousAuth0 NextProtecting an endpoint

Last updated 2 years ago

hashtagAdding the email to the access token

Adding the email to the access token