Add new user to role

mattias.skog · January 17, 2020, 8:20am

Hi,

I would like to add all new users created/registered in a specific connection (database) to a specific role the was created in Auth0 Dashboard (Authorisation Core). What would be the best way to achieve this?

To me, the most natural place to do this would be using a Post User Registration Hook. Can it be done? How, in that case? Any other ideas?

I was also thinking about using rules but it doesn’t seem like the correct place as then I would first need to check if the user is in the role and if not, add it. Feels like this is unnecessary to do on every login as it might slow things down…

Thank you in advance!

-Mattias

dan.woda · January 17, 2020, 7:49pm

Hi @mattias.skog,

Welcome to the Auth0 Community!

Can you take a look at this FAQ and see if it solves the problem?

Thanks,
Dan

mattias.skog · January 20, 2020, 8:30am

Hi Dan,

Thank you for the link! I tested that bur for some reason it didn’t work, will have to look into it more today. However, still feels like this is not the correct way to do it because this requires the user to log in ones before he is put into the role.

What if I would like to search for all users in a specific role from an external application using the Management API? I can’t find that specific user until he has logged in ones…or, can I perform a search based on a given connection? Don’t think it’s possible through the API, or is it?

-Mattias

dan.woda · January 21, 2020, 7:38pm

Ah yes, because you are trying to add the roles on creation, which may not include a login. I overlooked that, apologies.

It sounds like for your use case the post user reg hook will be the best place to do this, like you initially mentioned.

You should register the hook as a M2M app, give the app management API permissions, then you can make the call directly from the hook. It will be similar to the rule I linked.

Does that make sense?

Let me know if you need help on specific parts of it.

Thanks,
Dan

mattias.skog · January 22, 2020, 1:07pm

Thanx Dan for the response! It makes sense…some code example for the hook would be welcome.

dan.woda · January 22, 2020, 5:53pm

@mattias.skog

This should work for you.

module.exports = function (user, context, cb) {
  console.log('Starting add-role-to-new-user...');
  
  var ManagementClient = require('auth0@2.19.0').ManagementClient;
  var management = new ManagementClient({
    domain: '{DOMAIN}',
    clientId: '{CLIENT ID}',
    clientSecret: '{CLIENT SECRET}',
    scope: 'update:users'
  });
  
  var params =  {id : 'auth0|' + user.id};
  var data = {"roles" :["{ROLE ID}"]};
  
  management.assignRolestoUser(params, data, function (err) {
    if (err) {
      console.log(err);
    }
    console.log('Role added to new user.');
  });

  cb();
};

You will need to register a new M2M app as your hook, and give it update:users permissions in the management api. Then find your role id using the management api explorer get roles endpoint. Also be conscious of management api rate limits, you may want to build in some error handling if you expect a high volume. Look here for guidance:

mattias.skog · January 24, 2020, 5:22am

Thank you! This was exactly what I was looking for…

dan.woda · January 24, 2020, 8:34pm

Great! Glad it worked for you.

dan.woda · February 8, 2020, 8:34pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.