Syncing Auth0 with external identifiers

Recently I managed a mobile app with Auth0 authentication and connected each user to its CRM’s identifier. For me, the connecting field was the phone number (for SMS passwordless connection type).

To get that I used a post-login Rule: Auth0 will call your backend with some fields and get back the external user ID and other relevant metadata, then save the external user id on the Auth0 user metadata.

Later when you want to get this data on the IDToken auth inside your JWT you need another rule to save from the user_metadata into the IDTOKEN.

Create the first rule — use “Add persistent attributes to the user”. You can probably use the code that Auth0 used there as a template.

This is my code for the first rule:

  1. Here I'm syncing other product-specific data with the CRM so it's not only the external user Id.
  2. If there was a sync today, I don't run it again.
  3. In the rules section, fill configuration keys and values for your URL and secrets.
  4. You can debug this rule inside the rule editor with “Save and Debug”.
  5. You can debug real usage of this rule by installing the “Real-time Webtask Logs” Extension. Just find the Extension menu in the Auth0 dashboard, and try with a real signing to your app.
  6. Now ideally we can see user metadata of users under the “Users” menu.

Create a second rule for having this data with IdToken JWT:

  1. By the docs, data must be saved under a namespace key.

When you log in to your client:

Make sure to pass the parameter of

response_type: 'token id_token'

1. id_token will return a JWT token with the profile as described on the scope.
2. token will return access_token to use with further API calls.