Back to Novu

Auth0 Webhook Integration with Novu

docs/guides/webhooks/auth0.mdx

3.18.06.7 KB
Original Source

Trigger Novu notification workflows when Auth0 events occur by receiving Auth0 log stream or webhook events in your backend and calling the Novu Trigger API.

How does the Auth0 and Novu integration work?

  1. Auth0 emits an event (for example, password reset requested or successful signup).
  2. Your backend receives the event via an Auth0 log stream or Actions webhook.
  3. Your handler verifies the event and calls Novu's Trigger event API.
  4. Novu delivers the notification through your configured workflow channels.

Prerequisites

  • An Auth0 tenant with log streams or Actions configured
  • A Novu account with a workflow for each auth event
  • A backend endpoint to receive Auth0 events

How do I trigger a Novu workflow from Auth0?

<Steps> <Step title="Create auth workflows in Novu"> Create workflows for events such as `password-reset`, `welcome-email`, and `new-device-login`. Add email and optional in-app steps. </Step> <Step title="Configure Auth0 to send events"> Set up an Auth0 log stream or Action that POSTs to your backend when target events occur. See [Auth0 log streams](https://auth0.com/docs/customize/log-streams) documentation. </Step> <Step title="Handle the webhook and trigger Novu"> Verify the Auth0 event, then trigger the matching Novu workflow: <Tabs> <Tab title="Node.js"> ```typescript import { Novu } from '@novu/api';

const novu = new Novu({ secretKey: process.env.NOVU_SECRET_KEY });

export async function handleAuth0Event(event: Auth0LogEvent) { if (event.type === 's' && event.description === 'Success Signup') { await novu.trigger({ workflowId: 'welcome-email', to: { subscriberId: event.user_id, email: event.user_name }, payload: { firstName: event.details?.body?.firstName }, }); } }

  </Tab>
  <Tab title="Python">
```python
import os
import novu_py
from novu_py import Novu

def handle_auth0_event(event):
    if event["type"] == "s" and event["description"] == "Success Signup":
        with Novu(secret_key=os.getenv("NOVU_SECRET_KEY", "")) as novu:
            novu.trigger(trigger_event_request_dto=novu_py.TriggerEventRequestDto(
                workflow_id="welcome-email",
                to={"subscriber_id": event["user_id"], "email": event["user_name"]},
                payload={"firstName": event.get("details", {}).get("body", {}).get("firstName")},
            ))
</Tab> <Tab title="Go"> ```go import ( "context" "os"
novugo "github.com/novuhq/novu-go"
"github.com/novuhq/novu-go/models/components"

)

func handleAuth0Event(event Auth0LogEvent) error { if event.Type == "s" && event.Description == "Success Signup" { s := novugo.New(novugo.WithSecurity(os.Getenv("NOVU_SECRET_KEY"))) _, err := s.Trigger(context.Background(), components.TriggerEventRequestDto{ WorkflowID: "welcome-email", To: components.CreateToSubscriberPayloadDto(components.SubscriberPayloadDto{ SubscriberID: event.UserID, Email: event.UserName, }), Payload: map[string]any{ "firstName": event.Details.Body.FirstName, }, }, nil) return err } return nil }

  </Tab>
  <Tab title="PHP">
```php
use novu;
use novu\Models\Components;

function handleAuth0Event(array $event): void
{
    if ($event['type'] === 's' && $event['description'] === 'Success Signup') {
        $sdk = novu\Novu::builder()
            ->setSecurity('<YOUR_SECRET_KEY_HERE>')
            ->build();

        $sdk->trigger(
            triggerEventRequestDto: new Components\TriggerEventRequestDto(
                workflowId: 'welcome-email',
                to: new Components\SubscriberPayloadDto(
                    subscriberId: $event['user_id'],
                    email: $event['user_name'],
                ),
                payload: [
                    'firstName' => $event['details']['body']['firstName'] ?? null,
                ],
            ),
        );
    }
}
</Tab> <Tab title=".NET"> ```csharp using Novu; using Novu.Models.Components; using System.Collections.Generic;

async Task HandleAuth0Event(Auth0LogEvent auth0Event) { if (auth0Event.Type == "s" && auth0Event.Description == "Success Signup") { var sdk = new NovuSDK(secretKey: "<YOUR_SECRET_KEY_HERE>");

    await sdk.TriggerAsync(triggerEventRequestDto: new TriggerEventRequestDto() {
        WorkflowId = "welcome-email",
        To = To.CreateSubscriberPayloadDto(new SubscriberPayloadDto() {
            SubscriberId = auth0Event.UserId,
            Email = auth0Event.UserName,
        }),
        Payload = new Dictionary<string, object>() {
            { "firstName", auth0Event.Details?.Body?.FirstName },
        },
    });
}

}

  </Tab>
  <Tab title="Java">
```java
import co.novu.Novu;
import co.novu.models.components.*;
import java.util.Map;

void handleAuth0Event(Auth0LogEvent event) {
    if ("s".equals(event.getType()) && "Success Signup".equals(event.getDescription())) {
        Novu novu = Novu.builder()
            .secretKey("<YOUR_SECRET_KEY_HERE>")
            .build();

        novu.trigger()
            .body(TriggerEventRequestDto.builder()
                .workflowId("welcome-email")
                .to(To2.of(SubscriberPayloadDto.builder()
                    .subscriberId(event.getUserId())
                    .email(event.getUserName())
                    .build()))
                .payload(Map.ofEntries(
                    Map.entry("firstName", event.getDetails().getBody().getFirstName())))
                .build())
            .call();
    }
}
</Tab> <Tab title="cURL"> ```bash curl -X POST 'https://api.novu.co/v1/events/trigger' \ -H 'Content-Type: application/json' \ -H 'Authorization: ApiKey <NOVU_SECRET_KEY>' \ -d '{ "name": "welcome-email", "to": { "subscriberId": "auth0|user_id", "email": "[email protected]" }, "payload": { "firstName": "Jane" } }' ``` </Tab> </Tabs> </Step> </Steps>

Frequently asked questions

<AccordionGroup> <Accordion title="Should I use Auth0 Actions or log streams?"> Auth0 Actions give you inline control during the auth flow. Log streams are better for post-event processing such as security alerts and analytics-driven notifications. </Accordion> <Accordion title="Where should I verify Auth0 webhook signatures?"> Always verify signatures in your backend before triggering Novu workflows. Never expose your Novu secret key in client-side Auth0 Actions. </Accordion> </AccordionGroup>