Accessing metadata

I’m finally back. I was back the morning after my 13-parter, actually, to see a beautifully thought-out and thorough response from @stephanie.chamblee which is why I’m able to be here as soon as I am, actually. Incredible. In fact, this is the first time I’ve ever actually asked for help from the internet, rather than google searching to find what I needed, and I am just awestruck by how amazing and helpful people are, and honestly I feel foolish it didn’t occur to me sooner to try this approach. Thank you so much.

All right. So I feel like I’m about halfway there to understanding how these action things work. I’ll tell you a bit about what I’ve been doing with them and then follow up with some questions. I’ll also label these ones starting with a letter “B” and also subdividing question numbers into lowercase letters where appropriate:

B1)

I’ve set up an action that looks like:

```javascript
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://my-test-namespace.com';
  api.user.setAppMetadata('testParam', 'foo');
  api.idToken.setCustomClaim(`${namespace}/testParam`, event.user.app_metadata.testParam);
};
```
I’ve also learned to use that “Try it out ->” hyperlink on the “Getting Started” page on the dashboard that lets you know whether you logged in or not, and then displays the data on the idtoken that would have been generated.
First time I log in with this setup I have an https://my-test-namespace.com/testParam = null;
Second time I log in I get the value https://my-test-namespace.com/testParam = foo; like I intended.

I’ve repeated this a few times and keep getting the same result where the new value is null until I log in a second time.

I thought maybe separating the setAppMetadata function in one action, followed by a second action which contained the setCustomClaim function might work, but when I did that the value wouldn’t show up on the idToken at all.

What sort of thing is happening so that I can’t set a new value and attach it to an idToken at the same time? And how would I actually manage doing that?

B2)

I also tried separating the two halves into the first exports.onExecutePostLogin function, and the exports.onContinuePostLogin function that is by default commented out. It didn’t work. So what actually is that second function generated on each action? What’s it for?

B3)

I followed that guide to set up a machine-to-machine application for use with action, and I THINK I had it working. Anyway, though, it says you only need the machine-machine application for changing values that aren’t metadata. That would be like usernames or passwords and things right?

B4)

I don’t think I actually need a machine-machine application for what I’m doing, because the only values I need to access and modify are in the user and app metadata. Correct?

B5)

How does that machine to machine application thing work anyway? Since I’m using Angular2, I have a single page application, and I notice that’s a completely separate option than machine to machine. Can you use machine-to-machine connection from a single page application?

B6)

Also, what is the relationship between the APIs and Applications on the dashboard Applications->APIs, the dashboard Applications->Applications and the “application” that I’m building in my Visual Studio Code? Like, is “application” on the Auth0 website a placeholder for my application? Or are they both considered different applications that are working together? Why is there an option to create and hook up multiple applications and APIs from my dashboard if I can also create new tenants?

B7)

I know I had to use the client ID & domain etc to set up my app in visual studio code. On the machine-to-machine api tutorial it used those same values linking up the API with the Application and the action it attached to. Why don’t I need to attach those key and secret values to get most actions working?

B8)

Can I store values on app_metadata as arrays with variable length?

B9a)

So, I need users on my app to be able to log in to an account, but then while logged in create and edit values in their metadata. Does that process look like requesting a token: Call Your API Using the Authorization Code Flow with PKCE
and then putting actions into the machine to machine authentication flow? Or do I not need actions necessarily?

B9b)
And if a user has already logged in is there some kind of shortcut I can take rather than go through the full step on that link? Do I still have some kind of usable token from login I could use or is that token not appropriate/not

B9c)
Actually, is all this the place where I would need a Machine to Machine application/api? Would I have to do anything special to connect that with my single page application beyond what I’ve already done?

B9d)
So I’ve sort of made sense of the authorization code flow with pkce from that link. Is it that the process I need to alter metadata values is to request this pkce token and then any machine to machine flows I’ve made automatically run? Does requesting the token with pkce method count as a machine to machine action? Or do I need to do some different thing entirely?

B9e)
I know I’m not wording these questions here super great, so I’ll tell you what I’m trying to accomplish. I need it so a user can login and potentially create a group which the user will by default be in charge of, who can then invite other people to their group who can participate in the group with them, but are not themselves in charge of. Basically like Facebook groups more or less. What this means is that I can’t simply modify values during the login flow, I need to edit values at spontaneous times or whenever the user initiates them. FURTHERMORE, I need to capture data which the user themselves define, such as a group name value, and then somehow pass that value into the app_metadata. (I asked earlier if I could store arrays, because I imagine users potentially creating multiple groups, in which case I would effectively just list them in one array value). So basically, I want to know, what does the process of getting user-defined data from a form they fill out on my app all the way to storing that data somewhere in their user.app_metadata look like? What are all the key steps?

B10)

I know within actions I can check for the existence of values and things on the user profiles with if statements and for example break if a value is found. That happened on How can I use the Management API in Actions? this page you linked me. At the end the final code they have within their action reads:

```javascript
if (event.stats.logins_count !== 1) {
  return;
}
```

When I had that action built up like the tutorial and tried to log in it gave me an error and didn’t let me log in at all. If I commented out that if statement there then it would log in just fine. My login count was already higher than 1. Is that what’s supposed to happen? That I can’t log in at all unless my login count ==1 with that setup? I would have assumed that that if statement just ends the action itself. Yes/No? Did I make an error in my setup or is my understanding correct and returning within an action just cancels the login?

B11a)
Why do namespaces on the app and user metadata have to be URI style? Especially if Auth0 understands those values to be, for example, user.app_metadata.favColor, why do I write them in as https://some-name.com/favColor???

B11b)
Can I store different values with same end location name but different http? As in, can both https://some-name.com/favColor and https://some-other-name.com/favColor be on the same user app_metadata?

B12)
How does console.log() work within actions? I tried having a console.log(event), followed by a console.log("Hello World"); and only the first displayed within the dashboard’s Monitoring->logs->successful login->Action Details->myAction logs.

All right. That’s all I’ve got this time. I hope it’s okay to ask here. I keep worrying, because I know like Stack Overflow sorts of forums are big about keeping very on topic with questions, and formally my responses have been very removed from my initial post, but I believe my questions are aligned with the spirit of what I was initially asking and what I’m trying to understand, and putting them in this one place made sense to me, so I hope that’s okay with the community.

And once again, Thank You so much. The auth0 community is just so amazing how they’re able to help me out like they do.
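
An added example, not part of the original post and not Auth0's own code: a small Node.js model of the two-login behaviour described in B1, with the Action from the post beside a variant that keeps the new value in a local variable. It assumes `event` is a read-only snapshot taken before the Action runs and that `setAppMetadata` writes land afterwards; `simulateLogin`, `twoLogins` and `actionWithLocal` are hypothetical names.

```javascript
// Constructed model of a post-login run (an assumption, not Auth0's runtime):
// `event` is a frozen snapshot of the stored profile, and writes made through
// api.user.setAppMetadata() are applied only after the Action returns.
const namespace = 'https://my-test-namespace.com';

// The Action from the post: reads the claim value back from `event`.
const actionFromPost = async (event, api) => {
  api.user.setAppMetadata('testParam', 'foo');
  api.idToken.setCustomClaim(`${namespace}/testParam`, event.user.app_metadata.testParam);
};

// Variant: hold the new value in a local variable and use it for both calls.
const actionWithLocal = async (event, api) => {
  const testParam = 'foo';
  api.user.setAppMetadata('testParam', testParam);
  api.idToken.setCustomClaim(`${namespace}/testParam`, testParam);
};

// Runs one login against `store` (the persisted app_metadata) and returns
// the custom claims that would be placed on the ID token.
function simulateLogin(action, store) {
  const pending = {};
  const claims = {};
  const event = Object.freeze({
    user: Object.freeze({ app_metadata: Object.freeze({ ...store }) }),
  });
  const api = {
    user: { setAppMetadata: (key, value) => { pending[key] = value; } },
    // A missing value is recorded as null, matching what the post observed.
    idToken: { setCustomClaim: (name, value) => { claims[name] = value ?? null; } },
  };
  // The handlers contain no `await`, so their bodies finish synchronously.
  action(event, api);
  Object.assign(store, pending); // the deferred write lands after the Action
  return claims;
}

// Two consecutive logins for a fresh user, as in the post.
function twoLogins(action) {
  const store = {};
  const claim = `${namespace}/testParam`;
  return [simulateLogin(action, store)[claim], simulateLogin(action, store)[claim]];
}

console.log('from post :', twoLogins(actionFromPost));
console.log('with local:', twoLogins(actionWithLocal));
```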