I have the following piece of code in an Action that is triggered during post-login:
exports.onExecutePostLogin = async (event, api) => {
var map = require('array-map');
var ManagementClient = require('auth0').ManagementClient;
var management = new ManagementClient({
domain: event.secrets.domain,
clientId: event.secrets.clientId,
clientSecret: event.secrets.clientSecret
});
var params = { id: event.user.user_id, page: 0, per_page: 50, include_totals: false };
console.log('1');
management.getUserPermissions(params,
function (err, permissions) {
console.log('2');
if (err) {
// Handle error.
console.log('err: ', err);
} else {
console.log('3');
var permissionsArr = map(permissions.permissions, function (permission) {
return permission.permission_name;
});
console.log('4');
api.accessToken.setCustomClaim("https://abc.com/access_actions", permissions.Arr.join(" "));
console.log('5');
}
}
);
};
It does absolutely nothing. Can anyone spot what is wrong? Iâm new to writing rulesâŚthe only thing I see in my logs is the output from console.log(â1â).
By the way, I assume that domain should be âdev-xxxxxxxx.xx.auth0.comâ, right? No need to specify https or http etc. and no trailing forward slash.
Iâve manually called the management API using curl, the same client-id and client-secret, and it works just fine. I can get the results I want. So I know that part is correct (Iâve also tried hard coding them directly in the action).
Plus, I can see in my logs that the credentials are successfully sent across to the management API.
Iâm back. Unfortunately, the same code doesnât work in a M2M flow.
exports.onExecuteCredentialsExchange = async (event, api) => {
//var map = require('array-map');
var ManagementClient = require('auth0').ManagementClient;
var management = new ManagementClient
(
{
domain: event.secrets.domain,
clientId: event.secrets.clientId,
clientSecret: event.secrets.clientSecret
}
);
var params = { client_id: event.client.client_id };
let clientObject = await management.getClient(params);
console.log(clientObject);
};
Iâm seeing {âerrorâ:âserver_errorâ,âerror_descriptionâ:âTimeout awaiting âresponseâ for 10000msâ} in curl.
What am I doing wrong? Basically I am trying to get all scopes given to a M2M application and insert it into a custom claim. I assume thatâs in the getClient api call?
You know what else is strange? When I manually call the mgmt api using curl, i see this:
{âstatusCodeâ:403,âerrorâ:âForbiddenâ,âmessageâ:âInsufficient scope, expected any of: read:clients,read:client_keys,read:client_credentials,read:client_summaryâ,âerrorCodeâ:âinsufficient_scopeâ}
I donât see âread:client_summaryâ in the web console as a permission I can add. I even tried adding ALL the available permissions - I still see the same error.
You may need to add it manually via the management API.
Also, how often are you expecting to make this call? You could run into rate limits pretty quickly. It looks like you are planning on adding permissions to each userâs token, and that wouldnât be advisable.
Yup I see the rate limit for the management api is quite low and I will easily breach that threshold. I have a different approach to achieving what I need.
