The Next Level3 Auth0 integration is designed to be used for any of your existing applications or sites which are using Auth0 for authentication. This integration will allow you to easily add Account Protection to any application that leverages Auth0 for authentication. 

Pre-requisites

 

Requirements: 

– Auth0 Application
– Next Level3 Company Account
– Signing Key created for an application in the Next Level3 Company Portal

 

Account Protection

Adding Next Level3 Custom Auth0 Action

The first step to add an NL3 Account Protection Check to an existing application which is using Auth0 for authentication is to add a custom action which will then be added to your existing login flow.

Step 1. – Add custom action.

a. After logging into the Auth0 management portal, navigate to ‘Actions -> Library’ from the main menu and click the ‘Build Custom’ button to build a custom action.

b. Enter the following Information (replacing myApplication with the name of your application) in the Custom Action form and click Create.

  • Name – myApplication Account Protection Check
  • Trigger – Login/Post Login
  • Runtime – Node 16 (Recommended)

c. In the code editor for the action, remove all the existing default code and replace it with the following NL3 Action code.

 

				
					const https = require('https');
const nJwt = require('njwt');

function getLockStatus (jwt, api_host, api_path, event) {
  return new Promise((resolve, reject) => {
    var post_data = JSON.stringify({ "userIP": event.request.ip,
      "userDevice": event.request.user_agent,
      "userLocation": event.request.geoip.cityName,
      "integrationType": "auth0",
      "integrationData": event.request
    })
    var options = {
      host: api_host,
      port: "443",
      path: api_path,
      method: "POST",
      headers: {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        'x-nl3-authorization-token': jwt,
        'Content-Length': Buffer.byteLength(post_data)
      }
    }
    
    const req = https.request(options, (response) => {
      let chunks_of_data = [];

      response.on('data', (fragments) => {
				chunks_of_data.push(fragments);
			});

      response.on('end', () => {
				let response_body = Buffer.concat(chunks_of_data);
				resolve(response_body.toString());
			});
			response.on('error', (error) => {
        console.log("Error = " + error.message);
				reject(error);
			});      
    });
    req.write(post_data);
    req.end();
  });
}

exports.onExecutePostLogin = async (event, api) => {
  if (event.client.client_id==event.secrets.CLIENT_ID) {
    var claims = {
      iss: event.secrets.APP_URI,
      aud: event.secrets.API_HOST,
      sub: event.user.name
    }
    let decodedDomainToken = Buffer.from(event.secrets.SIGNING_KEY, 'base64');
    var jwt = nJwt.create(claims, decodedDomainToken);
    jwt.setExpiration(new Date().getTime() + (60*5*1000)); //5 minute expiration to allow for SignUp
    jwt.setNotBefore(new Date().getTime() - (60*1*1000)); //Valid from 1 minute ago to account for minor time diffs
    var authToken = jwt.compact();

    if (authToken.length > 0) {
      const res = await getLockStatus (authToken, event.secrets.API_HOST, event.secrets.API_PATH, event);
      var result = JSON.parse(res);

      if(result) {
        console.log(JSON.stringify(result));
        if(result.locked) {
          api.access.deny(event.secrets.LOCKED_MESSAGE);
        }
      } else {
        //Add logic for violations if required
      }
    }    
  }
};

Once you have updated the code, click ‘Save Draft’. After doing this, your action code should look like the following:

d. Now you need to setup some secrets for the new custom action in order to configure it for your Auth0 protected application. This includes a secret for your NL3 signing key so that the action can check the lock status of users that are set up for Account Protection. You can retrieve your signing key from the Next Level3 Company Portal (https://company.nextlevel3.com) after  you have added the application to the company portal and validated the associated domain for that application. 

 

To update secrets, click the ‘Key’ Icon to the left of the code editor called secrets and select the ‘Add Secret’ button   

e. Enter to following secret key/value pairs one at a time in the ‘Define Secret’ form and click Create.

  • Key = LOCKED_MESSAGE
  • Value = Add a non-descript error message of your choosing such as “Login Failed”

  • Key = SIGNING_KEY
  • Value = Paste your domain key provided by the Next Level3 company portal for the domain.
  • Key = CLIENT_ID
  • Value = The Auth0 Client ID for your application which can be found under the “Applications” menu in Auth0
  • Key = API_HOST
  • Value = Currently, the API host for production endpoints is api.nextlevel3.com
  • Key API_PATH
  • Value = Currently, the API path for production is /v1/AccountProtectionCheck
  • Key APP_URI
  • Value = This must match the value of the Domain URL you configured in the NL3 company portal (e.g. myapp.domain.com)
f. Next click the package icon labeled “Modules” to add some additional npm modules to the action. The only dependency that is not included by default is njwt. So, clck the ‘Add Dependency’ button, then enter ‘njwt’ into the ‘Name’ field and click the ‘Create’ button.  
 

g. Next, click ‘Save Draft’ from the code editor window to save the action.

 

h. Click ‘Deploy’ from the code editor window to deploy the action. After you click Deploy, a slider popup will appear letting you know that the action was successfully deployed.

i. Click ‘Add to Flow’ from that slider popup. 
                 * if you missed the popup slider,  you can also navigate to ‘Actions -> Flows’ and select the Login tile.

 

j. Click the ‘Custom’ tab to list your custom actions. You should see the NL3 Account Protection action you just created in the list.

 

k. Drag and drop the NL3 Account Protection action into the flow.

Your login flow should look similar to this now.

l. Click ‘Apply’ to apply the flow changes.

That’s it. You have now enabled Next Level3 Account Protection. After completing the second phase of integration (User Enablement) and enabling users,  you will be able to test out the lock/unlock capabilities in your site for users that have enabled their accounts for protection.

Quick Links
Get In Touch

Patents and Patent Pending - © 2022 All Rights Reserved.

Privacy Preference Center

Consent Management

https:/privacy/

Required
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

Necessary

These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services. These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.

Cookies Used

Required
Session Cookies, Persistent Cookies, Flash Cookies

nextlevel3.com

Opt Out
nextlevel3.com

Advertising

Analytics

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service.

Cookies Used

google-analytics.com

google-analytics.com

Opt Out
Web Beacons

Other

Scroll to Top