-
Notifications
You must be signed in to change notification settings - Fork 6
/
redirectRuleExample.js
74 lines (62 loc) · 2.1 KB
/
redirectRuleExample.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
/* global configuration, auth0 */
/**
* Exmaple Rule to redirect for verification and store the result in the user meta.
* Use Rules configuration to define:
* - SESSION_TOKEN_SECRET: Long, random string
* - ID_VERIFICATION_URL: URL to receive the redirect
*
* @param {object} user
* @param {object} context
* @param {function} callback
*/
async function redirectRuleExample(user, context, callback) {
const {
Auth0RedirectRuleUtilities,
Auth0UserUpdateUtilities,
} = require("@auth0/rule-utilities@0.2.0");
/*
Override or set defaults for configuration values
const customConfiguration = {
...configuration,
...{
SESSION_TOKEN_SECRET: "custom token secret",
SESSION_TOKEN_EXPIRES_IN: "in seconds or a string describing a time span",
}
}
*/
const ruleUtils = new Auth0RedirectRuleUtilities(
user,
context,
configuration // or customConfiguration
);
const userUtils = new Auth0UserUpdateUtilities(user, auth0, "namespace");
if (ruleUtils.isRedirectCallback && ruleUtils.queryParams.session_token) {
// User is back from the redirect and has a session token to validate.
try {
ruleUtils.validateSessionToken();
} catch (error) {
callback(error);
}
// ... do something with POSTed or param data ...
userUtils.setAppMeta("is_verified", true);
try {
await userUtils.updateAppMeta();
} catch (error) {
callback(error);
}
callback(null, user, context);
}
// Some kind of context check occurred to determine if a redirect should happen.
if (ruleUtils.canRedirect && !userUtils.getAppMeta("is_verified")) {
try {
// This method automatically creates a session token.
// To add data to this token, use ruleUtils.createSessionToken and pass { sessionToken: yourSessionToken } as second param below.
// To omit the session token, pass { generateSessionToken: false } as second param below.
ruleUtils.doRedirect(configuration.ID_VERIFICATION_URL);
callback(null, user, context);
} catch (error) {
callback(error);
}
}
callback(null, user, context);
}