Auth0

Verify

The 'Why'

FullContact's 'Verify' APIs are a fast and powerful way to verify the identity of customers online. This reduced friction in identity verification is paramount when onboarding new customers, and provides a way of screening out bots and synthetic fraud without slowing new acquisitions.

If you are already using Auth0 as a way of onboarding new customers, there's a quick way to start bringing FullContact's Verify data inside the platform.

First Steps

If you are integrating FullContact's Verify APIs into your Auth0 implementation, make sure you have followed the below steps before getting started:

1.) Made an account with FullContact, and been enabled to access the proper Verify API endpoint:

ex: 10k free calls to Verify.Match

2.) Have an existing Auth0 account

3.) Have created an API key with FullContact

📘

Implementations Vary!

While the pre-built 'Action' will stay the same, you know what's best for your business. We leave the final 'identity verification' standards up to you - below is an example of what standards could look like.

Creating a Custom 'Action Flow'

If all the above steps have been taken, log onto you Auth0 platform, and find the Action > Flows area on the left-hand side:

function getCookie(name) {
  const value = `; ${document.cookie}`;
  const parts = value.split(`; ${name}=`);
  if (parts.length === 2) return parts.pop().split(';').shift();
}

getCookie("fc_pid")

analytics.track("fc_pid": getCookie("fc_pid")})

In this example, we are going to be modifying the 'Pre User Registration' flow, so that new users that use our Auth0 login box to sign up are run thru Verify.Match first:

Final Product

Adding the Verify.Match action

Next, select the '+' button on the right-hand side of the screen to add an action - we will be using both the Custom and pre-built actions to create this example flow:

Select 'Browse Actions' first - this will bring you to the Auth0 Actions Library. Search for 'FullContact' in the search box, then select 'FullContact Verify.Match'. You should see a page like this:

Click the 'Add Integration' button. This will bring you to a screen to enter your FullContact API key (which you can create via the FullContact Platform). Enter that API key in, and continue.

Great! You now have the Verify.Match action added - this action ingests data provided on your customer-facing Auth0 registration screen, and returns FullContact data about how those customer-provided elements match each other. What it doesn't do (yet) is make decisions as to which customers are allowed to continue with making an account, and which should be further verified - that's where a Custom Action comes in.

Creating the Custom Action

You will need to create a second, 'Custom' Action to control what you do with the Verify.Match outputs. In this example, we will provide some basic logic that checks if the email provided is known to FullContact, and if not, will require a second email and employment information. Feel free to modify this logic for whatever business requirements you have:

/**
* Handler that will be called during the execution of a PreUserRegistration flow.
*
* @param {Event} event - Details about the context and user that is attempting to register.
* @param {PreUserRegistrationAPI} api - Interface whose methods can be used to change the behavior of the signup.
*/
const axios = require("axios");

exports.onExecutePreUserRegistration = async (event, api) => {

var fcEmail = event.user.user_metadata.fullContact.profile.email;
var fcEmployer1 = event.user.user_metadata.employer1;
var fcEmployer2 = event.user.user_metadata.employer2;
var secondEmail = event.user.user_metadata.secondEmail;

if (fcEmail == 'unknown' && !fcEmployer1 && !fcEmployer2) {
  api.access.deny('Verify.Match bad email match alert.');
  }
  else if (!fcEmployer1 && !fcEmployer2){
  api.access.deny('More info required.')
  }
  else if (!secondEmail && fcEmail == 'unknown'){
  api.access.deny('Require second email.')
  };

};

We named our Customer Action 'Verification Check (basic)' and then deployed it:

🚧

Edit it!

Make sure you modify the above code if you have changed either the cookie name or storage location from the default "Cookie storage" and "fc_pid" names provided in the FullContact Platform.

Publish and enjoy

When you have created both actions, it's as easy as dragging and dropping each action, in order, into the 'Pre-Registration Flow' seen at the beginning. Congrats! You've now created a verification check for your new users - check out our demo video to see how we implemented this exact flow on an example website: