I have the following piece of code in an Action that is triggered during post-login:
exports.onExecutePostLogin = async (event, api) => {
var map = require('array-map');
var ManagementClient = require('auth0').ManagementClient;
var management = new ManagementClient({
domain: event.secrets.domain,
clientId: event.secrets.clientId,
clientSecret: event.secrets.clientSecret
});
var params = { id: event.user.user_id, page: 0, per_page: 50, include_totals: false };
console.log('1');
management.getUserPermissions(params,
function (err, permissions) {
console.log('2');
if (err) {
// Handle error.
console.log('err: ', err);
} else {
console.log('3');
var permissionsArr = map(permissions.permissions, function (permission) {
return permission.permission_name;
});
console.log('4');
api.accessToken.setCustomClaim("https://abc.com/access_actions", permissions.Arr.join(" "));
console.log('5');
}
}
);
};
It does absolutely nothing. Can anyone spot what is wrong? Iām new to writing rulesā¦the only thing I see in my logs is the output from console.log(ā1ā).
By the way, I assume that domain should be ādev-xxxxxxxx.xx.auth0.comā, right? No need to specify https or http etc. and no trailing forward slash.
Iāve manually called the management API using curl, the same client-id and client-secret, and it works just fine. I can get the results I want. So I know that part is correct (Iāve also tried hard coding them directly in the action).
Plus, I can see in my logs that the credentials are successfully sent across to the management API.
Iām back. Unfortunately, the same code doesnāt work in a M2M flow.
exports.onExecuteCredentialsExchange = async (event, api) => {
//var map = require('array-map');
var ManagementClient = require('auth0').ManagementClient;
var management = new ManagementClient
(
{
domain: event.secrets.domain,
clientId: event.secrets.clientId,
clientSecret: event.secrets.clientSecret
}
);
var params = { client_id: event.client.client_id };
let clientObject = await management.getClient(params);
console.log(clientObject);
};
Iām seeing {āerrorā:āserver_errorā,āerror_descriptionā:āTimeout awaiting āresponseā for 10000msā} in curl.
What am I doing wrong? Basically I am trying to get all scopes given to a M2M application and insert it into a custom claim. I assume thatās in the getClient api call?
You know what else is strange? When I manually call the mgmt api using curl, i see this:
{āstatusCodeā:403,āerrorā:āForbiddenā,āmessageā:āInsufficient scope, expected any of: read:clients,read:client_keys,read:client_credentials,read:client_summaryā,āerrorCodeā:āinsufficient_scopeā}
I donāt see āread:client_summaryā in the web console as a permission I can add. I even tried adding ALL the available permissions - I still see the same error.
You may need to add it manually via the management API.
Also, how often are you expecting to make this call? You could run into rate limits pretty quickly. It looks like you are planning on adding permissions to each userās token, and that wouldnāt be advisable.
Yup I see the rate limit for the management api is quite low and I will easily breach that threshold. I have a different approach to achieving what I need.