Skip to main content

Auth0

If your application uses Auth0 to authenticate & manage users, you can automatically sync users from Auth0 to Warrant and set user claims based on access rules from Warrant using Auth0 Actions. This guide will provide sample Auth0 Actions for creating a user in Warrant when one is created in Auth0 and setting a user's claims using data from Warrant.

Functions

Creating a Warrant User

To create a user in Warrant when one is created in Auth0, define a onExecutePostUserRegistration function that will be triggered whenever an Auth0 user is created. The user created in Warrant will have a userId and email equal to the Auth0 user's user_id and email.

const axios = require("axios");
const WARRANT_API_KEY = "YOUR_API_KEY";

/**
* Handler that will be called during the execution of a PostUserRegistration flow.
*
* @param {Event} event - Details about the context and user that has registered.
* @param {PostUserRegistrationAPI} api - Methods and utilities to help change the behavior after a signup.
*/
exports.onExecutePostUserRegistration = async (event, api) => {
  await axios.post(
    "https://api.warrant.dev/v1/users",
    {
      userId: event.user.user_id,
      email: event.user.email,
    },
    {
      headers: { 'Authorization': `ApiKey ${WARRANT_API_KEY}` }
    }
  );
};

Deleting a Warrant User

Auth0 currently does not support an action on deletion of an Auth0 user.

Setting a user's claims

To set a user's claims to include the roles & permissions assigned to them in Warrant, define a onExecutePostLogin function that will be triggered whenever a user signs in, and add the user's roles & permissions from Warrant to the Auth0 custom claims object. Once the custom claims are set, you can use them to control access to features and resources in your application.

const axios = require("axios");
const WARRANT_API_KEY = "YOUR_API_KEY";

/**
* Handler that will be called during the execution of a PostLogin flow.
*
* @param {Event} event - Details about the user and the context in which they are logging in.
* @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
*/
exports.onExecutePostLogin = async (event, api) => {
  let warrantClaims = {};

  let response = await axios.get(
    `https://api.warrant.dev/v1/users/${event.user.user_id}/roles`,
    {
      headers: { 'Authorization': `ApiKey ${WARRANT_API_KEY}` }
    }
  );
  const userRoles = response.data.map((role) => role.roleId);
  warrantClaims["roles"] = userRoles;

  response = await axios.get(
    `https://api.warrant.dev/v1/users/${event.user.user_id}/permissions`,
    {
      headers: { 'Authorization': `ApiKey ${WARRANT_API_KEY}` }
    }
  );
  let userPermissions = response.data.map((permission) => permission.permissionId);
  warrantClaims["permissions"] = userPermissions;

  response = await axios.post(
    "https://api.warrant.dev/v1/sessions",
    {
      userId: event.user.user_id,
      type: "sess",
    },
    {
      headers: { 'Authorization': `ApiKey ${WARRANT_API_KEY}` }
    }
  );
  warrantClaims["sessionToken"] = response.data.token;

  api.accessToken.setCustomClaim("https://warrant.dev", warrantClaims);
};