Table: auth0_action - Query Auth0 Actions using SQL
Auth0 Actions are code snippets that execute during the transaction lifecycle of Auth0's authentication and authorization process. They allow you to customize and extend Auth0's capabilities by inserting custom logic at specific points, known as extensibility points, in the transaction flow. With Auth0 Actions, you can modify user profiles, perform conditional MFA, enrich tokens, and more.
Table Usage Guide
The auth0_action
table provides insights into Actions within Auth0. As a security engineer, explore action-specific details through this table, including the action's script, dependencies, and associated triggers. Utilize it to uncover information about actions, such as their current status, the runtime they use, and the version of the action.
Examples
Deprecated NodeJS 12 based code deployed
Discover the segments that contain outdated NodeJS 12 based code that has been deployed. This can be beneficial in identifying areas that may require updates or migration to newer versions for improved security and performance.
select id, name, supported_triggers, updated_atfrom auth0_actionwhere runtime = 'node12' and all_changes_deployed;
select id, name, supported_triggers, updated_atfrom auth0_actionwhere runtime = 'node12' and all_changes_deployed = 1;
Actions triggered post a password change
Explore which actions are initiated following a password change. This can be helpful in understanding and managing security protocols.
select id, name, updated_atfrom auth0_actionwhere supported_triggers -> 0 ->> 'id' = 'post-change-password';
select id, name, updated_atfrom auth0_actionwhere json_extract(supported_triggers, '$[0].id') = 'post-change-password';
Action code by name
Analyze the settings to understand the specific code associated with an action, such as sending a notification. This can be useful in assessing the elements within your authentication process, particularly in identifying instances where specific actions are triggered.
select codefrom auth0_actionwhere name = 'send-notification';
select codefrom auth0_actionwhere name = 'send-notification';
Deployed actions
Discover the segments that have all their changes deployed in Auth0. This query is useful to understand which areas have the most recent updates, aiding in system management and maintenance.
select id, name, deployed_version ->> 'number' version, supported_triggers, updated_atfrom auth0_actionwhere all_changes_deployed;
select id, name, json_extract(deployed_version, '$.number') as version, supported_triggers, updated_atfrom auth0_actionwhere all_changes_deployed;
Schema for auth0_action
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
all_changes_deployed | boolean | True if all of an Action's contents have been deployed. | |
built_at | timestamp with time zone | The time when this action was built successfully. | |
code | text | The source code of the action. | |
created_at | timestamp with time zone | The time when this action was created. | |
dependencies | jsonb | List of third party npm modules, and their versions, that this action depends on. | |
deployed_version | jsonb | Version of the action that is currently deployed. | |
domain_name | text | =, !=, ~~, ~~*, !~~, !~~* | The name of the domain. |
id | text | = | A unique ID for the action. |
name | text | The name of the action. | |
runtime | text | The Node runtime. For example `node16`, defaults to `node12`. | |
secrets | jsonb | List of secrets that are included in an action or a version of an action. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
status | text | The build status of this action. | |
supported_triggers | jsonb | List of triggers that this action supports. At this time, an action can only target a single trigger at a time. | |
updated_at | timestamp with time zone | The time when this action was updated. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0
You can pass the configuration to the command with the --config
argument:
steampipe_export_auth0 --config '<your_config>' auth0_action