
Custom MFA Rule (For 2FA)

Unlock multi-factor authentication with seamless DICE ID platform integration to Auth0. Simplify user authentication and enhance security using DICE ID


Login to Auth0 Dashboard

Go to Auth Pipeline --> Rules --> Create

Set name for rule

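In the Script block, add the following rule. Replace every placeholder in angle brackets (<...>) with your actual values, and set the appropriate flag in the else-if condition. Note that the rule runs twice per login: first when the user logs in directly (the else-if branch redirects them to DICE ID), and again when the user returns to the /continue endpoint (the if branch exchanges the returned code):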

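function (user, context, callback) {
    /**
     * Auth0 Rule: DICE ID verifiable-credential presentation as a second factor.
     *
     * The rule runs twice for a user who has the MFA flag set:
     *   1. On the direct login it creates a PKCE verifier, stores it, and
     *      redirects the browser to the vcauth /authorize endpoint.
     *   2. When the user returns to the Auth0 /continue endpoint
     *      (context.protocol === "redirect-callback") it exchanges the returned
     *      code for an ID token, using the verifier stored in step 1.
     *
     * Login completes only after the token exchange has succeeded; any failure
     * in step 2 rejects the login instead of letting it fall through.
     *
     * @param {object} user - Auth0 user profile for the login in progress.
     * @param {object} context - Auth0 rule context (protocol, request, redirect).
     * @param {function} callback - Rule continuation: callback(err, user, context).
     */

    // app_metadata key chosen by this rule to carry the PKCE verifier across the
    // redirect. Each rule execution is a fresh invocation, so a verifier kept
    // only in a local variable is gone by the time the user comes back.
    const VERIFIER_KEY = 'dice_pkce_verifier';

    // Base64url without padding, as PKCE (RFC 7636) requires.
    function base64URLEncode(buffer) {
        return buffer.toString('base64')
            .replace(/\+/g, '-')
            .replace(/\//g, '_')
            .replace(/=/g, '');
    }

    function sha256(input) {
        return crypto.createHash('sha256').update(input).digest();
    }

    // Fail closed: reject the login rather than continue without a second factor.
    function deny(reason) {
        return callback(new UnauthorizedError(reason));
    }

    user.app_metadata = user.app_metadata || {};

    if (context.protocol === "redirect-callback") {
        // Second execution: the user was redirected back to the /continue endpoint.
        const code_verifier = user.app_metadata[VERIFIER_KEY];
        const code = context.request && context.request.query && context.request.query.code;

        // No stored verifier means this rule never started a challenge for this
        // user; no code means the presentation was not completed.
        if (!code_verifier || !code) {
            return deny('Second factor verification was not completed.');
        }

        // Calling vcauth API to obtain JWT from code received in callback
        const axios = require('axios');
        const qs = require('qs');
        const jwt_decode = require('jwt-decode');
        const data = qs.stringify({
            'client_id': '<client_id>',
            'code': code,
            'redirect_uri': '<auth0_continue_endpoint>',
            'code_verifier': code_verifier,
            'grant_type': 'authorization_code'
        });
        const config = {
            method: 'post',
            url: 'https://<vcauth_base_url>/vc/connect/token',
            headers: {
                'authority': '<vcauth_base_url>',
                'accept': '*/*',
                'accept-language': 'en-IN,en;q=0.9',
                'cache-control': 'no-cache',
                'content-type': 'application/x-www-form-urlencoded',
                'dnt': '1',
                'origin': '<auth0-base-url>',
                'referer': '<auth0-base-url>'
            },
            data: data
        };

        return axios(config)
            .then(function (response) {
                const id_token = response.data && response.data.id_token;
                if (!id_token) {
                    throw new Error('token response did not contain an id_token');
                }

                // jwt_decode only parses the token; it does NOT verify the
                // signature. The token is trusted here solely because it came
                // straight from the token endpoint over TLS.
                const decoded = jwt_decode(id_token);
                if (typeof decoded.exp === 'number' && decoded.exp * 1000 <= Date.now()) {
                    throw new Error('id_token is expired');
                }

                // TODO(deployment): compare the presented credential attributes in
                // `decoded` with `user` (and check iss/aud) and throw on mismatch.
                // Until that check exists, this branch proves only that *some*
                // presentation was completed, not that it belongs to this user.

                // The verifier is single-use: clear it (null removes the key on
                // the metadata merge) before the login is allowed to continue.
                user.app_metadata[VERIFIER_KEY] = null;
                return auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
            })
            .then(function () {
                return callback(null, user, context);
            }, function (error) {
                // Log the message only: the full axios error carries the request
                // body, which contains the authorization code and the verifier.
                console.log('DICE ID second factor failed: ' + error.message);
                return deny('Second factor verification failed.');
            });
    }

    if (user.MFA_ENABLED) { // Customize this condition as needed
        // First execution: the user is logging in directly. Create a fresh
        // verifier, persist it, and only then send the browser to vcauth.
        const new_verifier = base64URLEncode(crypto.randomBytes(32));

        // PKCE standard Code challenge
        const code_challenge = base64URLEncode(sha256(new_verifier));

        // NOTE(review): concurrent logins for one user overwrite each other's
        // verifier; the older flow then fails closed at the token exchange.
        user.app_metadata[VERIFIER_KEY] = new_verifier;

        return auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
            .then(function () {
                context.redirect = {
                    url: `https://<vcauth_url>/vc/connect/authorize?pres_req_conf_id=<pres_conf_id>&client_id=<client_id>&redirect_uri=<auth0_continue_endpoint>&response_type=code&scope=openid%20profile%20vc_authn&code_challenge=${code_challenge}&code_challenge_method=S256&response_mode=query`
                };
                return callback(null, user, context);
            }, function (error) {
                console.log('Could not store PKCE verifier: ' + error.message);
                return callback(error);
            });
    }

    // Users without the MFA flag pass through unchanged.
    return callback(null, user, context);
}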

Save the changes and ensure the rule is enabled.

Auth0 Rules
Auth0 Custom rule