Integration guide
Auth0 Action
Template for scoring Auth0 logins/signups via Predax and enforcing MFA or access denial.
Repo location
integrations/auth0/predax-post-login-action.js
Configure Auth0 secrets: PREDAX_API_KEY and optionally PREDAX_BASE_URL.
When to use it
- Require MFA for risky logins (recommended)
- Block only critical risk (Tor / very high score)
- Tag users for review or add metadata to the session
Setup steps
- Auth0 Dashboard → Actions → Library → Create Action (Post Login)
- Paste the code from
integrations/auth0/predax-post-login-action.js - Configure secrets:
PREDAX_API_KEYand optionallyPREDAX_BASE_URL(defaults tohttps://predax.io) - Attach the Action to your Login flow
Policy example
Typical policy: fail-open on Predax errors, require MFA for risk ≥ 70, block only when risk ≥ 90.
// Pseudocode inside Auth0 Action
const ip = event.request.ip;
const res = await fetch(`${PREDAX_BASE_URL}/api/v1/check/ip`, {
method: "POST",
headers: { "Content-Type": "application/json", "X-API-Key": PREDAX_API_KEY },
body: JSON.stringify({ ip, user_id: event.user.user_id }),
});
const data = await res.json();
const score = data?.classification?.risk_score ?? 0;
if (score >= 90) api.access.deny("Access denied");
else if (score >= 70) api.multifactor.enable("any");