How do I add a default role to a new user on first login?

Problem statement

You might need users to be created with a specific role.

Solution

If you are using the Authorization Core, you can leverage the Management API in a rule to assign a role based on login count.

Example Rule:

function (user, context, callback) {
    // Only act on the first login; later logins pass straight through.
    const count = context.stats && context.stats.loginsCount ? context.stats.loginsCount : 0;
    if (count > 1) {
        return callback(null, user, context);
    }

    const ManagementClient = require('auth0@2.27.0').ManagementClient;
    const management = new ManagementClient({
        token: auth0.accessToken,
        domain: auth0.domain
    });

    const params = { id: user.user_id };
    const data = { roles: ["ROLE_ID_1", "ROLE_ID_2"] };

    // The inner callback takes only `err`, so it does not shadow the rule's
    // own `user` object, which is what must be passed on.
    management.users.assignRoles(params, data, function (err) {
        if (err) {
            // Handle error.
            console.log(err);
        }
        callback(null, user, context);
    });
}

This can also be achieved with a Post-Login Action:

  1. Create an Application that will use the Action.

  2. Authorize it to the API you created with the required scopes. See Enable Role-Based Access Control for APIs.

  3. Create an Auth0 Action.

To get an Action working in a specific flow, you need to create the Action and then add it to a flow.

  • Navigate to Auth0 Dashboard > Actions > Custom Actions to view your list of existing Actions.
  • Select Build Custom.
  • Enter a Name and select the Login / Post Login trigger since you’ll be adding an Action to the Login flow, then select Create.

  4. Store the application’s credentials in the Action’s event.secrets object.

Use the domain, client ID, and client secret from the application settings of the app you created in step 1.
See Write Your First Action.

  5. Add the auth0 npm module as a dependency.

See Add a dependency.
NOTE: To use the latest version of the module, leave the Version textbox blank, click on any
other part of the Add Dependency dialog box, and then click the Create button.

  6. Initialize and use the Management API in the Action.

Next, implement the code logic. The following sample code assigns a user a role based on their login count.

exports.onExecutePostLogin = async (event, api) => {
  // Only the first login assigns the default role.
  if (event.stats.logins_count !== 1) {
    return;
  }

  const ManagementClient = require('auth0').ManagementClient;

  // Credentials come from the Action's secrets (step 4).
  const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
  });

  const params = { id: event.user.user_id };
  const data = { roles: ["YOUR_ROLE_ID"] };

  try {
    await management.assignRolestoUser(params, data);
  } catch (e) {
    console.log(e);
    // Handle error
  }
};
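One way to fill in the "Handle error" placeholder of the Action above, for tenants where an account without its default role must not receive a session: refuse the login with `api.access.deny` when the assignment fails. This is an added example, not code from the original page or from Auth0; `makePostLogin`, `stubClient`, `stubApi` and `demo` are hypothetical names, and the stubs are constructed so the logic runs offline.

```javascript
// Added example. makePostLogin and the stubs below are hypothetical names;
// the Management API call is the one used in the Action above.
function makePostLogin(createClient, roleIds) {
  return async function onExecutePostLogin(event, api) {
    // Only the very first login assigns the default role.
    if (!event.stats || event.stats.logins_count !== 1) {
      return 'skipped';
    }
    const management = createClient(event.secrets);
    try {
      await management.assignRolestoUser({ id: event.user.user_id }, { roles: roleIds });
      return 'assigned';
    } catch (e) {
      // Fail closed: record the failure in the tenant logs and refuse this
      // login rather than issue tokens for an account that has no role.
      console.log(`role assignment failed for ${event.user.user_id}: ${e.message}`);
      api.access.deny('Default role could not be assigned. Please try again.');
      return 'denied';
    }
  };
}

// In the Action editor (assumption, not run here): set exports.onExecutePostLogin
// to makePostLogin(factory, ['YOUR_ROLE_ID']), where factory builds the
// ManagementClient from event.secrets exactly as in the Action above.

// Constructed stand-ins for the Management client and the Actions api object.
function stubClient(fails, calls) {
  return () => ({
    assignRolestoUser: async (params, data) => {
      calls.push({ params, data });
      if (fails) throw new Error('simulated Management API error');
    },
  });
}
const stubApi = (denied) => ({ access: { deny: (reason) => denied.push(reason) } });

async function demo() {
  const event = (n) => ({ stats: { logins_count: n }, secrets: {}, user: { user_id: 'auth0|constructed-user' } });
  const calls = [], denied = [];
  const ok = makePostLogin(stubClient(false, calls), ['YOUR_ROLE_ID']);
  const bad = makePostLogin(stubClient(true, calls), ['YOUR_ROLE_ID']);
  return {
    first: await ok(event(1), stubApi(denied)),   // role assigned
    repeat: await ok(event(2), stubApi(denied)),  // no Management API call
    failed: await bad(event(1), stubApi(denied)), // login refused
    calls, denied,
  };
}
```

The page does not say whether a denied attempt still counts toward `logins_count`; check that in a test tenant before relying on the user's retry to assign the role.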