Hello,
I went and created a hook, finally got it working after a crazy long time fighting with it. Well, “working” - it worked like a charm in the test engine. However, when I tried it in the real application (which redirects to Auth0.com to actually get the JWT), the JWT didn’t have anything that the rule would add. It was working so well in the test app - it would go off and query our servers for additional claims to pull into the JWT. It even just added one ‘Test’ as true at the beginning of the code. It appears that it doesn’t run - but according to the statement Hooks only run when you POST… so the redirect to your lock page doesn’t do that so the hook is worthless. Nice.
Ok, switching to rules… I tried to create a rule and after a crazy long time getting ‘forbidden’ every time I ran it (Save worked OK), I exited back to the page where it listed the rules and it said “Create your first rule!” Ah, I did that already, so why am I getting asked this? Turns out, no, the save button just lied to me, and the ‘Forbidden’ that was being shown when I ran it was because I wasn’t allowed to save my rules.
Another person that I had made an Admin (invite to be a dashboard admin (like me)) was able to create and save a rule and said that “they work” - I then refreshed the page and sure enough, there was his rule.
I tried to create a blank rule, test it: forbidden.
I tried to edit his rule: forbidden.
I tried to create a blank rule and save it - Success!
I tried to edit that rule: forbidden.
Am I wrong, or is this the most jacked up system in the world?
-C
=== Update
The Forbidden issue seems to be random. (See comment below)
The rules don’t seem to run if you use the redirect method of logging in either. (nice)
Test rule leaves JWT (Access) UNCHANGED:
function (user, context, callback) {
  context.idToken.test = 'Hello2';
  context.accessToken.test = 'hello';
  callback(null, user, context);
}
Originally, I just changed the accessToken. BTW: The try method shows the accessToken having the test value set to ‘hello’, so it is working “great” - except, that when I log out and back in and examine the token… no changes - except a new ‘iat’ and ‘exp’ value - which show that it was in fact regenerated.
I am out of ideas on where to even look for a clue as to why this isn’t working.
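The check described in the post (log in again, then examine the token) can be made mechanical by diffing the decoded claims of two tokens and testing for the claim the rule should have set. This is an added example, not code from the original post: the tokens, issuer and audience values and the helper names are constructed, and payloads are decoded without signature verification, for inspection only.

```javascript
// Added example (not from the post). Decodes JWT payloads WITHOUT verifying
// the signature: use for debugging what was issued, never for authorization.

function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Report which claims were added, removed or changed between two tokens.
function diffClaims(beforeJwt, afterJwt) {
  const before = decodePayload(beforeJwt);
  const after = decodePayload(afterJwt);
  const result = { added: [], removed: [], changed: [] };
  for (const k of Object.keys(after)) {
    if (!(k in before)) result.added.push(k);
    else if (JSON.stringify(before[k]) !== JSON.stringify(after[k])) result.changed.push(k);
  }
  for (const k of Object.keys(before)) if (!(k in after)) result.removed.push(k);
  return result;
}

// True only if the issued token really carries the claim the rule sets.
function ruleClaimApplied(jwt, claim, expected) {
  const payload = decodePayload(jwt);
  return Object.prototype.hasOwnProperty.call(payload, claim) && payload[claim] === expected;
}

// --- Constructed sample tokens (hypothetical values, dummy signature) ---
const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeToken = (payload) =>
  [seg({ alg: 'RS256', typ: 'JWT' }), seg(payload), 'constructed-signature'].join('.');

const base = { iss: 'https://tenant.example/', sub: 'auth0|constructed', aud: 'https://api.example' };
const beforeLogin = makeToken({ ...base, iat: 1700000000, exp: 1700086400 });
const afterLogin = makeToken({ ...base, iat: 1700000600, exp: 1700087000 });
// What the rule "try" view showed: the same token with test = 'hello'.
const tryOutput = makeToken({ ...base, iat: 1700000600, exp: 1700087000, test: 'hello' });

console.log('real login diff:', diffClaims(beforeLogin, afterLogin));
console.log('claim present after real login:', ruleClaimApplied(afterLogin, 'test', 'hello'));
console.log('claim present in try output:', ruleClaimApplied(tryOutput, 'test', 'hello'));
```

A diff that lists only `iat` and `exp` as changed, with nothing added, matches the symptom in the post: the token was reissued but the rule's claim is not in it.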