This is weird and inconsistent and I don’t understand it fully! Hopefully you can help me?
So, I had the brainwave of using the API explorer and manually putting in the ID via getUser. I got:
{
  "created_at": "2023-10-21T20:10:33.144Z",
  "email": "service.user@thejump.tech",
  "email_verified": true,
  "family_name": "User",
  "given_name": "Service",
  "identities": [
    {
      "provider": "google-oauth2",
      "access_token": "ya29.a0AfB_byCqVxCXCL77ehQyIGcHQPXOgtdUZD2pU4E_bwKA0Vrz-nojOf1Q9hWUZYLkCr4MGz78_SNMQFcNVer5tejAUZ1VE_JWBp1usgOSyLypDlmGrAmYsFzbydTZ6rzsTwMiku8yOquVYjHme2rEq5XgqQ6FkQ4_j2gaCgYKAZoSARASFQHGX2Miqf1xXbrRSDVOc3hOJ3XzZg0170",
      "expires_in": 3599,
      "user_id": "100504342678187610930",
      "connection": "google-oauth2",
      "isSocial": true
    }
  ],
  "locale": "en-GB",
  "name": "Service User",
  "nickname": "service.user",
  "picture": "https://lh3.googleusercontent.com/a/ACg8ocK-otc-TRx8Nr21UmyGoNTZmzGbeimmn_UNJebu6r0B=s96-c",
  "updated_at": "2023-11-15T00:13:02.561Z",
  "user_id": "google-oauth2|100504342678187610930",
  "user_metadata": {},
  "app_metadata": {
    "admin": false,
    "courses": [
      "web"
    ],
    "tutors": [
      "james",
      "roger"
    ]
  },
  "last_ip": "152.37.66.1",
  "last_login": "2023-11-15T00:13:02.561Z",
  "logins_count": 25
}
user_metadata and app_metadata but no roles or rbac (the other 2 rules I have in my login flow).
Then I took the sample app above and ran it and copied the env files over (I’m using the pages router where you’re using the app router btw) and I noticed a missing environment variable mentioned for API audience in the boot. I then added that and got:
{
  "https://portal.thejump.tech/roles": [
    "Portal Test Role"
  ],
  "https://portal.thejump.tech/app_metadata": {
    "admin": false,
    "courses": [
      "web"
    ],
    "tutors": [
      "james",
      "roger"
    ]
  },
  "https://portal.thejump.tech/permissions": [
    "homework:create"
  ],
  "given_name": "Service",
  "family_name": "User",
  "nickname": "service.user",
  "name": "Service User",
  "picture": "https://lh3.googleusercontent.com/a/ACg8ocK-otc-TRx8Nr21UmyGoNTZmzGbeimmn_UNJebu6r0B=s96-c",
  "locale": "en-GB",
  "updated_at": "2023-11-15T00:13:02.561Z",
  "email": "service.user@thejump.tech",
  "email_verified": true,
  "sub": "google-oauth2|100504342678187610930",
  "sid": "iQBiUdDuOefgFtk37Fb15_gsAJY_VVKo"
}
(adding and removing the audience seems to make no difference)
Now I have roles, rbac and app_metadata but no user_metadata.
I then put new values in user_metadata and called the API explorer again and it picked them up. Still no luck with either my original app or the basic example app.
I tested my action and got confirmation:
[
  {
    "name": "https://portal.thejump.tech/app_metadata",
    "target": "idToken",
    "type": "SetCustomClaim",
    "value": {}
  },
  {
    "name": "https://portal.thejump.tech/app_metadata",
    "target": "accessToken",
    "type": "SetCustomClaim",
    "value": {}
  },
  {
    "name": "https://portal.thejump.tech/user_metadata",
    "target": "idToken",
    "type": "SetCustomClaim",
    "value": {}
  },
  {
    "name": "https://portal.thejump.tech/user_metadata",
    "target": "accessToken",
    "type": "SetCustomClaim",
    "value": {}
  }
]
So it looks like it works in theory! (It’s the one in my comments above)
(Also I can never decode the accessToken on JWT.io to see what values are in. It’s always ‘invalid format’)
So, I’ve got most of the data but I’m really confused as to:
- Why it suddenly started to work?! (The only thing I can think of is that calling the API explorer caused it to refresh a cache or something? In the old Rules you had to manually call to cache this data, I think?)
- Why it’s not giving me the last piece of data and why the API explorer call does?!
So, I’m really close but can you shed any light on that?
Happy to provide any info you require and many thanks for all your help so far!
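As an added example (not code from the post above, and not Auth0's own code): a post-login Action in the shape Auth0 documents for `exports.onExecutePostLogin`, which copies `user_metadata` and `app_metadata` into the namespaced claims used in the post, together with a small helper that decodes a JWT payload offline the way jwt.io does. The mock `api` object, the sample event and the metadata values are constructed for this example; the namespace is the one from the post. The decoder returns `null` for anything that is not a three-segment JWT, which is what an opaque access token looks like (Auth0 issues an opaque access token when no API audience is requested), so it separates "not a JWT" from "JWT without the expected claim".

```javascript
// Added example: Auth0 post-login Action copying metadata into namespaced claims,
// plus an offline JWT payload decoder for checking what actually landed in a token.
// Assumptions: event.user carries user_metadata/app_metadata as in Auth0 Actions;
// the namespace matches the post; makeMockApi() stands in for the real `api` object.

const NAMESPACE = 'https://portal.thejump.tech/';

// In an Auth0 Action this is `exports.onExecutePostLogin = async (event, api) => ...`.
// Nothing here awaits, so it is a plain function for the stand-alone run.
function onExecutePostLogin(event, api) {
  // A user that never had metadata set has no user_metadata at all; fall back to {}
  // so the claim is still emitted (as an empty object, like the Action test output).
  const userMeta = event.user.user_metadata || {};
  const appMeta = event.user.app_metadata || {};

  for (const [name, value] of [['user_metadata', userMeta], ['app_metadata', appMeta]]) {
    api.idToken.setCustomClaim(NAMESPACE + name, value);
    api.accessToken.setCustomClaim(NAMESPACE + name, value);
  }
}

// Minimal stand-in for the Actions `api` object: records what would be set on each token.
function makeMockApi() {
  const claims = { idToken: {}, accessToken: {} };
  return {
    claims,
    idToken: { setCustomClaim: (k, v) => { claims.idToken[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { claims.accessToken[k] = v; } },
  };
}

// Run the Action against an event and return the claims it would have set.
function claimsFor(event) {
  const api = makeMockApi();
  onExecutePostLogin(event, api);
  return api.claims;
}

// Decode a JWT payload WITHOUT verifying the signature (inspection only, as jwt.io does).
// Returns null for anything that is not header.payload.signature, e.g. an opaque token.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// Build an UNSIGNED token from a payload purely to exercise the decoder.
// Real tokens are signed by Auth0; alg "none" here is a test fixture, never trust it.
function unsignedJwt(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'none', typ: 'JWT' })}.${b64(payload)}.`;
}

// Constructed sample event mirroring the user shown in the post (tshirt value is made up).
const sampleEvent = {
  user: {
    user_id: 'google-oauth2|100504342678187610930',
    user_metadata: { tshirt: 'M' },
    app_metadata: { admin: false, courses: ['web'], tutors: ['james', 'roger'] },
  },
};

// Stand-alone run: show the claims, then show both decoder outcomes.
const claims = claimsFor(sampleEvent);
console.log('ID token claims:', JSON.stringify(claims.idToken, null, 2));
console.log('decoded payload:', decodeJwtPayload(unsignedJwt(claims.idToken)));
console.log('opaque token decodes to:', decodeJwtPayload('not-a-jwt'));
```

The usual check when a claim is "missing" is to decode the token the app actually received rather than the one the API explorer returns: if `decodeJwtPayload` gives `null` the token is opaque and no claim can be read from it; if it gives an object without the namespaced key, the Action did not run (or ran with an empty value) for that login.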