Auth0 Error Handling Best Practices

Overview

Implementing error handling best practices in Auth0 ensures optimal performance and provides better visibility into anomalous operations. These practices include sending error logs to an external service, using error objects in rules, formatting meaningful error code descriptions, and handling exceptions efficiently.

Applies To

  • Auth0
  • Error Handling
  • Best Practices

Solution

How are error logs sent to an external service?

 

Sending error event logs to an external service provides better visibility and diagnosis of anomalous operations. To retain and analyze log events past the log retention period offered for a subscription plan, use Auth0 log streaming. Administrators can use services like Datadog and AWS EventBridge. These are examples only; administrators should choose the tool that best fits organizational guidelines. Auth0 also offers the ability to send logs to an external service in the Log Streaming section of the Auth0 Marketplace.

 

 

Utilize Error Objects in Rules to Manage Time Constraints

 

Time constraints dictate how much time a rule has to execute. Review the Custom Database Action Script Execution Best Practices documentation for more information. If recovery from an error condition remains impossible or improbable within this time period, explicitly return an error condition. Complete the rule execution by returning an instance of a Node Error object, as shown in the following code snippet.

return callback(new Error('some description'));

Review the Class: Error on nodejs.org documentation for more information. Alternatively, return an instance of the Auth0-specific UnauthorizedError. This causes an unauthorized error condition with the supplied error description to return to the application that initiated authentication (the application from which the redirect to the /authorize endpoint initiated). This allows an application to offer conditional retry capability and allows administrators to implement rules to deny access based on certain conditions, as shown in the following code snippet.

return callback(new UnauthorizedError('some description'), user, context);

 

 

Why are meaningful error code descriptions necessary?

 

The UnauthorizedError object only returns the supplied description. To use specific processing for unauthorized error conditions, format descriptions to include easily accessible error code information. Review the following code snippet for an example.
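An added example (not Auth0's own snippet) of one way to do this: the rule puts a code in a fixed prefix of the description, and the application maps that code to an allowlisted action. The `E_` code names, the `CODE: message` format, the callback URL, and the `UnauthorizedError` stand-in are assumptions made for the example.

```javascript
// Stand-in for the UnauthorizedError global that the Auth0 rules runtime provides,
// defined here only so the example runs outside Auth0.
class UnauthorizedError extends Error {}

// Hypothetical codes; the application only acts on codes in this list.
const KNOWN_CODES = {
  E_MFA_REQUIRED: 'retry_with_mfa',
  E_EMAIL_UNVERIFIED: 'show_verify_email',
};

// Rule side: put the code in a fixed, machine-readable prefix of the description.
function denyWithCode(code, message) {
  return new UnauthorizedError(`${code}: ${message}`);
}

// Constructed sample rule that uses the helper.
function requireVerifiedEmail(user, context, callback) {
  if (!user.email_verified) {
    return callback(denyWithCode('E_EMAIL_UNVERIFIED', 'Verify your email before logging in.'));
  }
  return callback(null, user, context);
}

// Application side: the description arrives in the redirect query string, so anyone
// can forge it. Map it to an allowlisted action and never render it as HTML.
function actionForCallback(callbackUrl) {
  const params = new URL(callbackUrl).searchParams;
  const description = params.get('error_description');
  if (!params.has('error') || description === null) return 'none';
  const match = /^(E_[A-Z0-9_]{1,40}): /.exec(description);
  const code = match ? match[1] : null;
  return Object.prototype.hasOwnProperty.call(KNOWN_CODES, code)
    ? KNOWN_CODES[code]
    : 'generic_error';
}

// Constructed round trip: run the rule, then build the redirect the application would see.
function demo() {
  let err;
  requireVerifiedEmail({ email_verified: false }, {}, (e) => { err = e; });
  const url = 'https://app.example/callback?error=unauthorized&error_description=' +
    encodeURIComponent(err.message);
  return actionForCallback(url);
}
```

Unknown or malformed codes fall through to a generic error path, so a forged `error_description` cannot steer the application into an action it does not already expose.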

 

 

Implement Exception Handling to Prevent Premature Pipeline Termination

 

Unexpected error conditions, such as uncaught JavaScript exceptions, result in the premature termination of pipeline execution. This ultimately results in an authentication error. For situations involving asynchronous operations, use a catch handler when using Promise object processing. Promise object processing also proves effective for error handling during non-asynchronous operations. A Promise object wraps a synchronous function call, making it easier to implement cascaded error handling via promise chaining. Review the Promise in MDN Web Docs documentation for more information about the Promise object. Review the Error Handling with Promises on javascript.info documentation for more information about promise chaining. Review the following code snippet for an example of a Promise object wrapping a synchronous function call.

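// jwt is the jsonwebtoken module; token and secret come from the surrounding rule.
return new Promise(function(resolve, reject) {
  jwt.verify(
    token,
    secret,
    { clockTolerance: 5 },
    function(err, decoded) {
      if (err) {
        // Verification failed: reject so a chained catch handler can deal with it.
        reject(err);
      } else {
        resolve(decoded);
      }
    }
  );
});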

Alternatively, use try...catch processing to handle JavaScript exceptions that occur during synchronous operations. Review the try...catch in MDN Web Docs documentation for more information. Setting up this type of exception handling often incurs performance costs, so use it sparingly. Rule performance requires optimal efficiency. A more pragmatic approach implements processing that prevents exceptions from occurring rather than handling them once they occur. Review the Auth0 Performance Best Practices documentation for more information.

 

 

How are uninitialized objects avoided in rules?

 

Using uninitialized objects causes exceptions. Include initialization as part of any declaration where the existence of an object remains in question. Review the following code snippet for an example.

user.user_metadata = user.user_metadata || {};

Taking steps to prevent an exception from occurring in a rule represents a best practice. This approach typically costs less in terms of performance and resource usage than implementing exception handling.
