Skip to main content
The End of Life (EOL) date of Rules and Hooks will be November 18, 2026, and they are no longer available to new tenants created as of October 16, 2023. Existing tenants with active Hooks will retain Hooks product access through end of life.We highly recommend that you use Actions to extend Auth0. With Actions, you have access to rich type information, inline documentation, and public npm packages, and can connect external integrations that enhance your overall extensibility experience. To learn more about what Actions offer, read Understand How Auth0 Actions Work.To help with your migration, we offer guides that will help you migrate from Rules to Actions and migrate from Hooks to Actions. We also have a dedicated Move to Actions page that highlights feature comparisons, an Actions demo, and other resources to help you on your migration journey.To read more about the Rules and Hooks deprecation, read our blog post: Preparing for Rules and Hooks End of Life.
From within any Auth0 Rule you write, you can update a user’s app_metadata or user_metadata using the auth0 object, which is a specially-restricted instance of ManagementClient (defined in the node-auth0 Node.js client library) and provides limited access to the Auth0 Management API. To learn more, read Rules Execution Best Practice. To access additional endpoints from inside Rules, you have to use another version of the library.
The Access Token for the Management API, which is available through auth0.accessToken, is limited to the read:users and update:users scopes. If you require a broader range of scopes, you can request a token using the Client Credentials Flow. See Get Management API Access Tokens for Production.

Access a newer version of the library

You can load a newer version of the Auth0 Node.js client library by requiring the specific version of the library. For up-to-date version information, check the Auth0 Node repository in Github. In this example, we load version 2.9.1 of the library, then query the list of users and logs the users to the console (to be inspected with the Real-time Webtask Logs Extension).
Searching for users from inside Rules may affect the performance of your logins; we advise against it.
function (user, context, callback) {
  var ManagementClient = require('auth0@2.9.1').ManagementClient;
  var management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });

  management.getUsers(function (err, users) {
    console.log(users);
    callback(null, user, context);
  });
}
For a filtered list of available libraries that can be set as required, check the available library versions.