Replace Auth0 Rules with Auth0 Actions #1375
Conversation
Summary
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
hazel-nut
left a comment
some thoughts since we're in here anyway, though i know the content is largely transposed from the original without editing. we can modify them in a follow-up if you prefer 😊
| const ipaddr = require('ipaddr.js'); | ||
|
|
||
| exports.onExecutePostLogin = async (event, api) => { | ||
| const corp_network = "192.168.1.134/26"; |
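Review bot: the CIDR on the `corp_network` line has host bits set (`192.168.1.134/26`), so it reads like a single host while `ipaddr.parseCIDR` plus `match` will treat it as the whole /26 around that address (192.168.1.128 through 192.168.1.191). Write the network address itself as the base so the range the sample allows is explicit.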
can we use one of the RFC reserved IP addresses for documentation here? https://datatracker.ietf.org/doc/html/rfc5737
|
|
||
| You could also trigger this Action based on other criteria, such as whether the current IP matches the user's IP allowlist or whether geolocating the user reveals they are in a different country from the one listed in their user profile. | ||
|
|
||
| </Callout> |
maybe we can remove this callout and add this info in normal text after the initial code sample (maybe with some links to content that would help the reader know how to implement some of them, if we have any)? it seems nicer as a transition in a next steps kind of way. :)
| // is auth method passwordless and IP outside corp network? | ||
| const passwordlessOutside = event.authentication.methods.find( | ||
| (method) => ( | ||
| ((method.name === 'sms') || (method.name === 'email')) && | ||
| (!current_ip.match(ipaddr.parseCIDR(corp_network))) | ||
| ) | ||
| ); | ||
|
|
||
| // if yes, then require MFA | ||
| if (passwordlessOutside) { |
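Review bot: the `current_ip.match(ipaddr.parseCIDR(corp_network))` call throws in ipaddr.js when an IPv6 address is matched against an IPv4 range, so if `current_ip` can be IPv6 the Action errors out instead of reaching the MFA branch. Where `current_ip` is parsed (not shown in this hunk), consider `ipaddr.process(...)` to unwrap IPv4-mapped addresses, and treat a kind mismatch or parse failure as outside the corporate network so the check fails closed.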
| // is auth method passwordless and IP outside corp network? | |
| const passwordlessOutside = event.authentication.methods.find( | |
| (method) => ( | |
| ((method.name === 'sms') || (method.name === 'email')) && | |
| (!current_ip.match(ipaddr.parseCIDR(corp_network))) | |
| ) | |
| ); | |
| // if yes, then require MFA | |
| if (passwordlessOutside) { | |
| const usesPasswordlessAuth = event.authentication.methods.some( | |
| (method) => method.name === 'sms' || method.name === 'email'; | |
| ); | |
| const outsideCorpNetwork = !current_ip.match(ipaddr.parseCIDR(corp_network)); | |
| if (usesPasswordlessAuth && outsideCorpNetwork) { |
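Review bot: the trailing `;` after `method.name === 'email'` inside the `some(` call is a syntax error, because the arrow function is an argument and the call only closes on the following line. Drop that semicolon so the suggestion can be applied as written.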
since we're updating this code anyway: better to use includes() or some() when just testing for existence, and simpler & more readable to not embed the IP match inside the second condition's callback.
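The refactored check discussed above, as an added stand-alone example (not the PR's code): it swaps ipaddr.js for a small hand-written IPv4 matcher so it runs without dependencies, and treats unparseable or IPv6 addresses as outside the network. `CORP_NETWORK`, `ipv4ToInt`, `inCidr` and `requiresMfa` are hypothetical names, the range is a constructed RFC 5737 value, and `api.multifactor.enable('any')` is assumed as the MFA call because the page does not show that line.

```javascript
// Added example, not the PR's code. Dependency-free stand-in for ipaddr.js.
// CORP_NETWORK is a constructed value from the RFC 5737 documentation range.
const CORP_NETWORK = '192.0.2.128/26';

// Parse dotted-quad IPv4 (or IPv4-mapped IPv6 such as ::ffff:192.0.2.130)
// into an unsigned 32-bit integer; return null for anything else.
function ipv4ToInt(ip) {
  const m = /^(?:::ffff:)?(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/i.exec(String(ip));
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => ((acc << 8) | o) >>> 0, 0);
}

// True only when ip parses as IPv4 and falls inside cidr.
function inCidr(ip, cidr) {
  const [base, bitsText] = cidr.split('/');
  const bits = Number(bitsText);
  const addr = ipv4ToInt(ip);
  const net = ipv4ToInt(base);
  if (addr === null || net === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((net & mask) >>> 0);
}

// Passwordless login from outside the corporate range requires MFA.
function requiresMfa(event) {
  const methods = (event.authentication && event.authentication.methods) || [];
  const usesPasswordlessAuth = methods.some(
    (method) => method.name === 'sms' || method.name === 'email'
  );
  // Unparseable or IPv6 addresses count as outside, so the check fails closed.
  const outsideCorpNetwork = !inCidr(event.request.ip, CORP_NETWORK);
  return usesPasswordlessAuth && outsideCorpNetwork;
}

// In an Auth0 Action this handler would be assigned to exports.onExecutePostLogin.
const onExecutePostLogin = async (event, api) => {
  if (requiresMfa(event)) {
    api.multifactor.enable('any');
  }
};
```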
|
|
||
| With [Actions](/docs/customize/actions/actions-overview), you can handle more complicated cases than is possible with [passwordless connections](/docs/authenticate/passwordless) alone. For instance, you can add extra precautions to further ensure possession of an email address or device. | ||
|
|
||
| ## Require Multi-factor Authentication for users who are outside the corporate network |
| ## Require Multi-factor Authentication for users who are outside the corporate network | |
| ## Require multi-factor authentication for users who are outside the corporate network |
Description
Replaces an article on Auth0 Rules with Auth0 Actions