Send Logged-In Email Alerts Using Auth0 Actions
Heyo ✋
Auth0 recently rolled out a new feature called Actions. Actions are Node.Js functions that allow you to build your custom plug and playable logics that are running on Auth0 runtime. Actions currently support NodeJs only but we can expect other language support in future.
In this story, We are going to see how to implement a custom logic that automatically sends an account logged-in alert email with some data such as Ip-Address, Geo Locations and Timestamp.
1. Jump into the Auth0 Dashboard
In this story, I use the default database username-password authentication. This is a default authentication you can see after creating your Auth0 Account.
Once you navigated to the dashboard, Go to the Actions page and select Login Flow. Because we need to send the email when your log into the account.
2. Create New Custom Action
Auth0 provides a lot of actions you can easily install into your flows. But in this case, we are going to develop our custom action. So let’s navigate to the Custom tab and create a New Action.
Name your action and select the trigger. Login flow only supports Login / Post Login trigger, But Auth0 Action has some other useful triggers too.
⭐️ Find more about triggers: https://auth0.com/docs/actions/triggers
Once you created the action, You can see the code editor where you can develop, test and deploy your action.
3. Setup Email Account
Before jumping into the code, Set up your email account. I am using SendGrid here, But it’s totally your choice you can use any email service provider.
4. Setup Node Modules & Secrets
Also, actions allow us to add node modules that we can use in code. Since I am using SendGrid, I need to add the SendGrid/mail package to send emails. You can use any npm packages up to 10.
Apart from node modules, We can define our secrets in action as key-value pairs. Here I added my Sendgrid_API_Key. Secrets have some limitations too. Each secret key may have a maximum length of 128 characters and the value may have a maximum length of 2048 characters.
5. Write The Action Logic
The action code will be executed based on the trigger. In our case, It is the Login / Post Login trigger.
The trigger handler methods will receive 2 objects called event and api. The event object will contain all the information regarding the triggered event.
⭐️ More about event object: https://auth0.com/docs/actions/triggers/post-login/event-object
Example event object:-
The api object provides methods to change the behaviour of the flow like denying login process, enforcing MFA and etc. These event and api objects will contain different data and methods based on trigger type.
⭐️ More about api object: https://auth0.com/docs/actions/triggers/post-login/api-object
Okay, Let’s implement our logic. First of all, we need to collect the necessary information about the login from the event object.
See the above event object example for reference.
Since we are using SendGrid here, We need to import the SendGrid package and initialize it using our api key. We already added the SENDGRID_API_KEY in step 4. We can access it in code from the event object like event.secrets.SENDGRID_API_KEY
Now, all we have to do is implement another function to send an email to the user. In this function, We should create a good looking email template and bind data to it. Then send the email to the email address of the user.
Note: This email function implementation fully depends on your email service provider. You might need to change something according to that.
Once the sendMail function is ready, We need to call it from onExecutePostLogin to send emails. The final code is given below.
Once you are done with the implementation, You can run the action for testing purposes, But once you have done with your testing don’t forget to deploy it.
6. Add the action to the flow
Once you deploy you need to add the action to the flow by just dragging and dropping it. You can multiple actions, Which will be executed according to the order sequence.
DONE! It’s testing time 🙄
Let’s try to log into the Auth-0 default application authentication and see whether do we receive emails or not.
I logged into the account, Let’s check the email.
Wahooo! Works like a charm 😍✨
Conclusion
Auth0 actions allow us to customize and extend the authentication and authorization behaviour with custom logic. One of the beautiful things about Actions is, It allows to drag and drop actions anywhere into the flows that give clean visuals of the entire flow and actions used.
And,
This is my last story of 2021, Will meet you with another story in 2022. Wish you all a very happy new year. 🎉🍾
