Authorization Core vs. Authorization Extension
We plan to deprecate Rules and Hooks in 2024, and at that time, Rules and Hooks-based Extensions will be out of support. We highly recommend that you migrate to Actions to extend Auth0. With Actions, you have access to rich type information, inline documentation, and public
npm packages, and can connect external integrations that enhance your overall extensibility experience.To learn more about what Actions offer, read Understand How Auth0 Actions Work. We also have a dedicated Move to Actions page that highlights feature comparisons, an Actions demo, and other resources to help you on your migration journey.To read more about the Rules and Hooks deprecation, read our blog post: Preparing for Rules and Hooks End of Life.| Feature | Authorization Core | Authorization Extension |
|---|---|---|
| Enhanced performance and scalability | Yes - Read Entity Limit Policy | No - Limited to 500KB of data (1000 groups, 3000 users, where each user is a member of 3 groups; or 20 groups, 7000 users, where each user is a member of 3 groups) |
| Create/edit/delete Roles | Yes | Yes |
| Roles can contain permissions from one or more APIs | Yes | No |
| Users and Roles can be assigned to Groups | No | Yes |
| Roles are attached to specific applications | No | Yes |
| Create/edit/delete Users | Yes | Yes |
| Search Users by user, email, connection | Yes | Yes |
| Search Users by identity provider, login count, last login, phone number | Yes | No |
| Search Users using Lucene syntax | Yes | No |
| User import/export via JSON | Not currently | Yes |
| Create custom authorization policies | Yes | No |