Skip to content

Instantly share code, notes, and snippets.

Created Apr 28, 2022
What would you like to do?
Auth0 post-login action
const sendUserTo = 'http://localhost:3000/account/registration';
const successUrl = 'http://localhost:3000/account';
exports.onExecutePostLogin = async (event, api) => {
// If the user has accepted the terms already, we don't need to do anything else
if (event.user.app_metadata.terms_and_conditions_accepted) return;
// Redirect the user to the full registration page
const sessionToken = api.redirect.encodeToken({
secret: event.secrets.MY_SHARED_SECRET,
payload: {
iss: `https://${event.request.hostname}/`,
sub: event.client.client_id,
api.redirect.sendUserTo(sendUserTo, {
query: {
session_token: sessionToken,
redirect_uri: `https://${event.request.hostname}/continue`
// Handler that will be invoked when this action is resuming after an external redirect. If your
// onExecutePostLogin function does not perform a redirect, this function can be safely ignored.
exports.onContinuePostLogin = async (event, api) => {
const payload = api.redirect.validateToken({
secret: event.secrets.MY_SHARED_SECRET,
tokenParameterName: 'token',
api.user.setUserMetadata('first_name', payload['']);
api.user.setUserMetadata('last_name', payload['']);
api.user.setAppMetadata('terms_and_conditions_accepted', payload['']);
api.redirect.sendUserTo(successUrl, {query: {success: 'true'}})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment