Introduction

When providing web services and applications for general consumers, it is necessary, from the viewpoint of various laws such as the Personal Information Protection Law, to include a step in which the user agrees to the terms of use at the time of user registration. Furthermore, as stated in the Ministry of Economy, Trade and Industry's "Regulations Concerning Electronic Commerce and Information Property Transactions (April 2022)", the point is to clearly indicate the existence of the terms of use and privacy policy and then have users check a box to the effect that they consent.

By using Auth0, you can easily acquire consent to the terms of use at the time of user registration and manage acquired information. This page introduces setting examples and actual operations using the Auth0 standard functions.

Overview of Consent Acquisition and Management Features in Auth0

There are several possible patterns for obtaining consent in web services and applications. The following patterns are generally used; this page introduces pattern 1.

  1. Provide a checkbox dedicated to obtaining consent
  2. Have another button, such as the registration button, also serve as the consent acquisition function

In addition, we would like to introduce the following regarding the management of consent-gathered information.

  • Storage of consent acquisition (= user registration) date and time
  • Storing consent acquisition flag

On this page, we will introduce a setting example for Classic Universal Login to achieve ①.

With the product update in February 2024, it is now possible to place a checkbox on the screen even with Universal Login.

Assumptions and precautions

The configuration examples on this page are for web applications that are already integrated with Auth0.
In addition, as of October 2022, the function to display a checkbox for obtaining consent in Universal Login, a screen function provided by Auth0, is only supported in the Classic version.
Universal Login vs. Classic Login – Auth0 docs

Setting example: Acquisition of consent at the time of user registration (checkbox)

1. On the Auth0 management screen, click [Branding] > [Universal Login]

2. Click [Advanced Options]

3. Select Login tab

4. Enable [Customize Login Page] (By enabling it, the editor becomes editable)

5. Edit the code as follows
▼ Adding the checkbox

// Add checkbox (a property inside the Lock options object, so it ends with a comma)
mustAcceptTerms: true,

▼ Adding a Japanese message for obtaining consent and a link to the Terms of Use page

// Setting language & message
language = 'ja';
languageDictionary.signUpTerms = `I agree to the AAA app terms of use.`;

6. Click Save Changes

Operation example: Consent acquisition (checkbox) at the time of user registration

1. Log in on the Auth0-linked web application screen and transition to the user registration screen (Universal Login: Classic version) provided by Auth0.
2. On the user registration screen, confirm that a message agreeing to the terms of use (including a link to the terms of use) and a checkbox for obtaining consent are displayed.

Setting example: Management of consent acquisition information

1. In the Auth0 administration screen, click [Actions] > [Library].

2. Click [Create Action] > [Build from scratch]

3. Select the name of the action to be created, the action's trigger, and the execution environment, then click [Create].

4. Write the logic for managing consent acquisition information in JavaScript in the code editor on the setting screen.
Here, as an example, the logic stores the date and time of consent acquisition (= user registration), the consent acquisition flag, and the version of the agreed terms of use as the registered user's Metadata.

exports.onExecutePreUserRegistration = async (event, api) => {
  const { consentGiven } = event.user.user_metadata || {};
  // Short-circuit if the user signed up already
  if (consentGiven) {
    return;
  }
  // Record the time as an ISO 8601 string so it is stored as plain JSON
  const now = new Date().toISOString();
  // First-time signup/login: store terms version, consent flag and timestamp
  api.user.setUserMetadata("consentVer", "1.0");
  api.user.setUserMetadata("consentGiven", true);
  api.user.setUserMetadata("consentTimestamp", now);
};

5. Click [Deploy]

6. Confirm that the created Action was successfully deployed

7. In the Auth0 admin page, click Actions > Triggers.

8. Select the Triggers that incorporate the Action you created.
Here, click [pre-user-registration]

9. Drag and drop the created Action displayed in the Custom tab on the right side of the screen and incorporate it into the flow diagram on the left side of the screen

10. Click [Apply]

11. Confirm that it was reflected normally

Operation example: Management of consent acquisition information

1. Log in on the Auth0-linked web application screen and transition to the user registration screen (Universal Login: Classic version) provided by Auth0.
2. On the user registration screen, check the box for agreeing to the terms of use, and perform user registration (click [Continue]).
3. On the Auth0 administration screen, click [User Management] > [Users]
4. From the displayed user list, select the user registered in 2.
5. Check the Metadata column on the Details tab and confirm that the consent acquisition information is stored
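
The stored metadata can also be checked in bulk rather than one user at a time. The following is an added example, not code from the original page or from Auth0: it audits user records for the three fields the Action above writes (consentGiven, consentVer, consentTimestamp). The function names, the 60-second tolerance and the sample records are assumptions constructed for illustration.

```javascript
// Added example: audit consent records written by the Action on this page.
// Field names (consentGiven, consentVer, consentTimestamp) are the page's;
// the user objects below are constructed sample data, not real exports.
const CURRENT_TERMS_VERSION = "1.0"; // assumption: matches consentVer in the Action

function checkConsent(user, currentVersion = CURRENT_TERMS_VERSION) {
  const md = user.user_metadata || {};
  const problems = [];
  // Require a strict boolean: a string such as "true" is not proof of consent.
  if (md.consentGiven !== true) problems.push("flag-missing-or-not-boolean");
  if (typeof md.consentVer !== "string" || md.consentVer === "") {
    problems.push("version-missing");
  } else if (md.consentVer !== currentVersion) {
    problems.push("version-outdated"); // user must re-consent to newer terms
  }
  const ts = Date.parse(md.consentTimestamp);
  if (Number.isNaN(ts)) {
    problems.push("timestamp-missing-or-invalid");
  } else if (user.created_at && Math.abs(ts - Date.parse(user.created_at)) > 60000) {
    // Consent is taken at registration, so the two times should be close.
    problems.push("timestamp-far-from-registration");
  }
  return problems;
}

// Return only the users whose consent record has at least one problem.
function auditConsent(users, currentVersion = CURRENT_TERMS_VERSION) {
  return users
    .map((u) => ({ user_id: u.user_id, problems: checkConsent(u, currentVersion) }))
    .filter((r) => r.problems.length > 0);
}

// Constructed sample records shaped like Auth0 user profiles.
const sampleUsers = [
  { user_id: "auth0|sample-ok", created_at: "2024-03-01T09:00:01.000Z",
    user_metadata: { consentGiven: true, consentVer: "1.0",
                     consentTimestamp: "2024-03-01T09:00:00.500Z" } },
  { user_id: "auth0|sample-flag-only", created_at: "2024-03-02T10:00:00.000Z",
    user_metadata: { consentGiven: true } },
  { user_id: "auth0|sample-string-flag", created_at: "2024-03-03T11:00:00.000Z",
    user_metadata: { consentGiven: "true", consentVer: "1.0",
                     consentTimestamp: "2024-03-03T11:00:00.000Z" } },
  { user_id: "auth0|sample-no-metadata", created_at: "2024-03-04T12:00:00.000Z" },
];

console.log(JSON.stringify(auditConsent(sampleUsers), null, 2));
```

A record that carries the flag but no version or timestamp deserves a closer look, because the Action returns early whenever consentGiven is already present in the sign-up metadata.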

Summary

In this way, with the functions of Auth0 alone, you can easily realize the step of agreeing to the terms of use at the time of user registration and managing consent information. You can try the functions in the free Auth0 trial environment, so please feel free to experience it.

In addition to the consent acquisition function introduced this time, Auth0 has a group of functions necessary for realizing the authentication process in web services and applications. If you are interested in Auth0, please contact us.
