Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save sandrinodimattia/f627f6c718865c36d8f8d19525432f4a to your computer and use it in GitHub Desktop.
Save sandrinodimattia/f627f6c718865c36d8f8d19525432f4a to your computer and use it in GitHub Desktop.
Automatic configuration of the Auth0 Login Page and Email Templates

Customzing the Password Reset Page

Go to the API v2 explorer and generate a token with update:tenant_settings. Then call the tenants endpoint with the new HTML:

PATCH https://{YOUR_DOMAIN}/api/v2/tenants/settings

{
  "change_password": {
    "enabled": true,
    "html": "<!DOCTYPE html>\n<html>\n<head>\n  ..."
  }
}

Customizing the Login Page

Go to the API v2 explorer and generate a token with read:clients and update:clients. Then click on API Key/Secret to figure out what your Global Client ID is (API Key).

Then you should call the following endpoint with the token: GET https://{YOUR_DOMAIN}/api/v2/clients/{YOUR_GLOBAL_CLIENT_ID}

{
  ...
  "custom_login_page": "<!DOCTYPE h...",
  ...
  "custom_login_page_on": false
}

In order to activate and update the custom login page you need to call the following endpoint PATCH https://{YOUR_DOMAIN}/api/v2/clients/{YOUR_GLOBAL_CLIENT_ID} with this payload:

{
  "custom_login_page": "<!DOCTYPE html>\n<html>\n  <h...",
  "custom_login_page_on": true
}

Customizing Email Templates

These endpoints are still using API v1.

Email types:

  • verify_email
  • welcome_email
  • reset_email
  • blocked_account

Getting a Token

Go to https://{YOUR_AUTH0_CLUSTER}/docs/api/management/v2 and click the API Key/Secret link to get your Global Client ID and Secret.

Then you can call the following endpoint to get an API v1 token:

var request = require("request");

var options = {
  method: 'POST',
  url: 'https://{YOUR_DOMAIN}/oauth/token',
  headers: {
    'cache-control': 'no-cache',
    'content-type': 'application/json'
  },
  body: {
    grant_type: 'client_credentials',
    client_id: '{GLOBAL_CLIENT_ID}',
    client_secret: '{GLOBAL_CLIENT_SECRET}'
  },
  json: true
};

request(options, function(error, response, body) {
  if (error) throw new Error(error);

  console.log(body.access_token);
});

Get an Email Template

Call GET https://{YOUR_DOMAIN}/api/emails/{TEMPLATE_TYPE} which returns:

{
  "template": "verify_email",
  "tenant": "sandrino-dev-eu",
  "from": "",
  "subject": "Welcome here!",
  "resultUrl": "http://jwt.io",
  "body": "<html>\n...",
  "disabled": false,
  "urlLifetimeInSeconds": 432000,
  "syntax": "liquid"
}

This will return 404 if the template has not been configured.

Create an Email Template

To create an email template you can call POST https://{YOUR_DOMAIN}/api/emails/ with the following payload:

{
  "template": "verify_email",
  "tenant": "sandrino-dev-eu",
  "from": "",
  "subject": "Welcome here!",
  "resultUrl": "http://jwt.io",
  "body": "<html>\n  ...",
  "disabled": false,
  "urlLifetimeInSeconds": 432000,
  "syntax": "liquid"
}

Update an Email Template

To update an email template you can call PUT https://{YOUR_DOMAIN}/api/emails/{TEMPLATE_TYPE} with the following payload:

{
  "tenant": "sandrino-dev-eu",
  "from": "",
  "subject": "Welcome here!",
  "resultUrl": "http://jwt.io",
  "body": "<html>\n  <head>...",
  "disabled": false,
  "urlLifetimeInSeconds": 432000,
  "syntax": "liquid"
}

Note, you can set disabled: true to disable an email.

Copy link

ghost commented May 25, 2016

The 'GET' works: hence I'll assume the template is there, so a PUT is what I need to do.
The 'PUT' replies with a mongodb error, my payload seems correct: '$set' is empty. You must specify a field like so: {$set: {<field>: ...}}
The 'POST' (just to test) replied with: 'Email template must have a value'. Which doesn't tell me much.

The payload constructed for PUT & POST was based on the output of the 'GET'.

@twistedstream
Copy link

There's now a new email type that can go under Customizing Email Templates for Password Breach Alert:

  • stolen_credentials

@matchdav
Copy link

supported email templates

reset_email
welcome_email
enrollment_email
stolen_credentials
verify_email
blocked_account

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment