Use Cases: Configure an update policy form using Forms
Before you start
Create a Machine-to-Machine Application with the following scopes enabled:
read:usersupdate:userscreate:usersread:users_app_metadataupdate:users_app_metadatacreate:users_app_metadata
Private Beta Note: Forms for Actions is currently in Private Beta Access. To learn more about Auth0 release stages, review Product Release Stages.
Forms for Actions allows you to create a custom agreement prompt and store the agreement consent in a user_metadata.privacy_policies attribute.
The sections below outline how you can create an Update Policy form using nodes and flows, along with steps for adding your form to a Post Login Action.
Create a form with Forms for Actions
To create a new information gathering form, follow these steps:
Navigate to Auth0 Dashboard > Actions > Forms.
Select Actions > Forms to open the Form editor in a new tab.
Select Create form > Start from scratch.
By default, a new form contains a Start node, a Step node, and an Ending screen node.
Configure the Start node
To ensure that the Auth0 pipeline connection is secure, add a Hidden field variable named context_token by following these steps:
Select the Start node from the Form editor.
Select Add New Item.
Enter
context_token. A Default value is not needed.Select Publish to save.
Add a Get user flow
Add a Get user Flow node to validate the context_token value, gather user data, and store this information for further processing by following these steps:
Select Flow from the bottom of the Form editor.
Remove the existing link between the Start and Step nodes.
Select the new Flow > Click to add a flow > Create a new flow.
Enter
Get userin the Name field.Select Create.
Link the Flow Get user node to the Start and Step nodes.
Select Publish to save.
Select the Flow Get user > Edit flow to open the Flow editor in a new tab.
Below the Start Action, select the + icon to add a Verify JSON web token Action. Complete the fields below, then select Save to continue.
ID: Enter
verifyJwt.Connection: Select the + icon to add a connection.
Secret: Enter
MY_SECRET_PASSWORD, then select Continue.Replace
MY_SECRET_PASSWORDwith a long random string to use in the Verify JSON web token connection Action and the custom Post Login Action.Connection name: Enter
JWT_Login_flow, then select Add Connection.
Token: Enter
{{input.body.context_token}}.
Below the Verify JSON web token Action, add an if/then condition Action. Complete the fields below, then select Save to continue.
Alias: Enter
Verify context_token.Condition: Enter
{{verifyJwt.valid}}, then select is true from the dropdown menu.
Below the True branch of the if/then condition Action, add an Auth0 Get user Action. Complete the fields below, then select Save to continue.
ID: Enter
getUser.Connection: Select the + icon to add a connection to the Machine to Machine Application.
User ID: Enter
{{verifyJwt.payload.user_id}}.
Below the Auth0 Get user Action, add a Store state variable Action. Complete the field below, then select Save to continue.
Data fields: Enter
user, then enter{{getUser.body}}as the value.
Below the False branch of the if/then condition Action, add a Show error message Action. Complete the fields below, then select Save to continue.
Alias: Enter
Invalid context_token.Error message: Enter
We're sorry, but your context_token is not valid.
Select Publish to save.
The Verify JSON web token Action validates the value of the context_token hidden field.
The If/then condition Action logically routes the flow based on the value returned from the Verify JSON web token Action.
The Auth0 Get user Action collects the user data using the user Id received from the Verify JSON web token Action.
The Store state variable Action stores the data received from the Auth0 Get user Action.
The Show error message Action displays an error if the If/then condition Action returns false.
Add a Router node
Add a Router node that reviews the user_metadata.privacy_policies value to determine the appropriate next steps. If the policy value is missing, the flow continues to the Step node to prompt the user for acceptance. If the policy is present, the authentication flow resumes to login.
Return to the Form editor and select Router.
Remove the existing link between the Get user Flow and Step nodes.
Select the new Router node to add a new rule.
Select Rule 1.
Alias: Enter
Missing policies.Variable:
Enter
{{state.user.user_metadata.privacy_policies}}.From the dropdown menu, select is false.
Select Publish to save.
Add a link from the rule Missing policies to the Step node and link the Default Case rule to the Ending screen node.
Select Publish to save.
Configure the Step node
The Step node is the graphical interface visible to users. Add Fields to the Step node to collect the new agreement acceptance value by following these steps:
Drag a Rich text field from the Components menu into the Step node.
Rich text: Enter a description of your policy updates.
Example:
This policy is current as of the effective date set forth above. Professional service may, in its sole and absolute discretion, change this policy from time to time by updating this document.
Drag a Legal field into the Step node.
ID: Enter
privacy_policies.Required: Enable the checkbox.
Legal: Enter
I agree to the Privacy Policy.
Select Publish to save.
Add an Update user_metadata flow
Add a Flow node after the Step node to update the user_metadata and resume the authentication flow by following these steps:
Select Flow from the bottom of the Form editor.
Remove the existing link between the Step and Ending Screen nodes.
Select the new Flow > Click to add a flow > Create a new flow.
Enter
Update user_metadatain the Name field.Select Create.
Link the Flow node to the Step and Ending Screen nodes as pictured below.
Select Publish to save.
Select the Flow Update user_metadata > Edit flow to open the Flow editor in a new tab.
Below the Start Action, select the + icon to add an Auth0 Update user Action. Complete the fields below, then select Save to continue.
Connection: From the dropdown menu, select the same connection as used in the Flow Get user.
User ID: Enter
{{state.user.user_id}}.Body: Copy and paste the following code
{ "user_metadata": { "privacy_policies": true } }Was this helpful?
/
Select Publish to save.
The Flow Update user_metadata adds the privacy_policies true value to the user_metadata.
Retrieve your form embed code
Retrieve your form embed code to visually render the form with a custom Post Login Action by following these steps:
From the Form editor, select the Embed tab.
Select Copy.
Create a custom Post Login Action
Create a custom Post Login Action to render your form by following these steps:
Navigate to Auth0 Dashboard > Actions > Flows > Login.
Select Custom.
Select the + icon to Build from scratch:
Name: Enter
Render Update Policy Form.Trigger: Select
Login / Post Login.Runtime: Select
Node 18 (Recommended).
Select Create.
To configure the custom Action:
Delete the existing code from the Code editor.
Paste the form embed code into the Code editor.
To add a Secret, select the Key icon from the left-side menu of the Code editor.
Select Add Secret.
Key: Enter
SHARED_CONTENT_TOKEN_SECRET.Value: Enter
MY_SECRET_PASSWORD.Replace
MY_SECRET_PASSWORDwith a long random string to use in the Verify JSON web token connection Action and the custom Post Login Action.
Select Create.
Select Deploy.
Drag and Drop the Render Update Policy Form Action to the Login flow.
Select Apply.
Test implementation
Test the implementation by following these steps:
Log in with an existing user whose
user_metadataattributeprivacy_policiesdoes not have a value.The custom Post Login Action in the Login flow will render the form and prompt for acceptance.
Select Auth0 Dashboard > User Management > Users, locate the user and verify that the
user_metadataattributeprivacy_policiescontains atruevalue.