[draft] [feat]: Template for custom timeout based on metadata #24

Merged

nelsonmaia
Contributor

@nelsonmaia nelsonmaia commented Sep 25, 2024

Changes

Made by Nelson Matias, Okta Product Manager

Adding a new Actions template that allows using the new Auth0 feature of setting a custom session timeout in Actions.

This action checks for specific metadata created either in organizations, connections or in the application and uses it to set a custom absolute or idle timeout.

  • [ x ] I described the changes on this PR.

References

This new Auth0 feature can be used in an easier way: https://auth0.com/docs/secure/continuous-session-protection

  • [ x ] I added at least one link to explain why this change is needed.

Testing

Steps to Reproduce

  • Set the tenant timeout (both idle and absolute) to some high number, for example 100 days
  • Create a new Organization
  • Create 2 metadata within the organization: idle_lifetime and absolute_lifetime with the timeout you wanna configure in milliseconds (Ideally something small so it is easier to test)
  • Create a new user and assign it to the organization
  • Authenticate with this user

Test 1:

  • Log in with the created user in an application (Single Page applications will be easier to test, but it can be any)
  • After login, wait the number of milliseconds configured in the idle_lifetime. If this is a SPA, just refresh the page; if it is not, make sure to trigger an authorize call again. You should see the user log out.

Test 2:

  • Log in with the created user in an application (Single Page applications will be easier to test, but it can be any)
  • After login, keep using the application for the number of milliseconds configured in absolute_lifetime; after that the user should automatically log out. The behaviour might depend on the application, but the Auth0 session should be expired.

Test 3:

  • Create a new metadata in the connection where you created the user
  • Delete the metadata in organizations
  • Repeat test 1 and 2

Test 4:

  • Create a new metadata in the application (in Auth0)
  • Delete the connection and / or the organization metadata
  • Repeat test 1 and 2

Checklist

@nelsonmaia nelsonmaia requested a review from a team as a code owner September 25, 2024 11:08
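
The metadata lookup described in the pull request above, as an added example that is not the template merged in this PR: it resolves `idle_lifetime` and `absolute_lifetime` from organization, connection and application metadata and ignores malformed values so they cannot produce an invalid expiry. The precedence order, the `MAX_MS` ceiling and the helper names are assumptions; `api.session.setExpiresAt` and `api.session.setIdleExpiresAt` are the Auth0 post-login session calls.

```javascript
// Added example, not the merged template. Helper names, precedence and MAX_MS are assumptions.
const KEYS = ["idle_lifetime", "absolute_lifetime"];
const MAX_MS = 100 * 24 * 60 * 60 * 1000; // constructed ceiling: 100 days

// Metadata values arrive as strings; accept only plain positive integers (milliseconds).
function parseMs(raw) {
  if (typeof raw !== "string" || !/^[1-9]\d*$/.test(raw.trim())) return null;
  const ms = Number(raw.trim());
  return ms <= MAX_MS ? ms : null; // out-of-range values are ignored, not clamped
}

// Assumed precedence per key: organization, then connection, then application.
function resolveLifetimes(event) {
  const sources = [
    event.organization?.metadata,
    event.connection?.metadata,
    event.client?.metadata,
  ];
  const lifetimes = {};
  for (const key of KEYS) {
    for (const metadata of sources) {
      const ms = parseMs(metadata?.[key]);
      if (ms !== null) {
        lifetimes[key] = ms;
        break; // first valid value wins; malformed ones fall through
      }
    }
  }
  return lifetimes;
}

// Sets expiry only when a valid value exists, so bad metadata leaves tenant defaults in force.
function applyLifetimes(event, api, now = Date.now()) {
  const created = Date.parse(event.session?.created_at ?? "");
  if (Number.isNaN(created)) return; // no session on this transaction
  const { idle_lifetime, absolute_lifetime } = resolveLifetimes(event);
  if (absolute_lifetime) api.session.setExpiresAt(created + absolute_lifetime);
  if (idle_lifetime) api.session.setIdleExpiresAt(now + idle_lifetime);
}

// Entry point in the shape Auth0 post-login Actions use (exported as exports.onExecutePostLogin).
async function onExecutePostLogin(event, api) {
  applyLifetimes(event, api);
}
```
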
@nelsonmaia
Contributor Author

nelsonmaia commented Oct 1, 2024

@ggoodman Added the new suggestion and some links into the comments of the actions

@ggoodman
Contributor

ggoodman commented Oct 2, 2024

That looks good to me. I'm working to find out how we take on these changes before hitting the approve button.

@nelsonmaia
Contributor Author

@edwardsbrentg @ggoodman I've committed all the suggested changes, would you be able to review it please?

edwardsbrentg
edwardsbrentg previously approved these changes Nov 1, 2024
@nelsonmaia nelsonmaia force-pushed the feat-template-timeout-per-metadata branch 2 times, most recently from b38b706 to dfd19a7 Compare November 1, 2024 17:12
@nelsonmaia nelsonmaia force-pushed the feat-template-timeout-per-metadata branch from dfd19a7 to 889522f Compare November 1, 2024 17:15
@edwardsbrentg edwardsbrentg merged commit 7200787 into auth0:main Nov 19, 2024
8 checks passed