Adding role object to token not working after user registers but works after they re-authenticate

fayezrahman · May 4, 2025, 8:02pm

I have free auth0 account and it’s great. I have it integrated with my react application and it’s working fine. I have 2 actions defined and here is what each of them does.

1st action that runs inside ‘Post-Login’ trigger: Assign ‘User’ Role to everyone that registers to my application via auth0.

the code for the action is below

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count !== 1) {
    return;
  }

  const ManagementClient = require('auth0').ManagementClient;

  const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
  });

  const params =  { id : event.user.user_id};
  const data = { "roles" : [event.secrets.UserRoleID]};

  try {
    await management.users.assignRoles(params, data);
  } catch (e) {
    console.log(e);
  }
};

The code works fine and every user that registers does indeed get assigned the ‘User’ role that i have created in auth0

2nd action, creates a role property and attaches it to the user token that auth0 issues. ( this runs directly after the 1st action above also in on post-login trigger )

Code for 2nd action below

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https:/my-cool-name-space";
  const assignedRoles = event.authorization?.roles || [];
  api.idToken.setCustomClaim(`${namespace}/roles`, assignedRoles);
};

The issue that i’m seeing is that when a user register and in auth0 i can see them having the ‘user’ role, but in my react app when i am using auth0 Provider and extracting the user object from auth0 i am not seeing the roles in there on the VERY FIRST TIME THEY REGISTER AND AUTHENTICATE In my app.

If they logout, and logback in, i can see the roles object and i am able to extract it in my code and work with it…

I have tried the following
Making the action to work inside ‘Post-registeration’ trigger but that didn’t seem to work at all. i couldn’t even see the role being assigned in auth0.

I have tried adding both of the actions into 1 but that also didn’t send the roles property in the user object the first time.

Is there anything i’m missing ?

NOTE: I do see the role property but it’s empty. Which leads me to think there is a race conditon between my 1st action trigger and the 2nd one, where the user gets assigned the role but the token is already generated and doesn’t have the roles in it so therefore it defaults to the empty array i have defined.

I have tried refetching a token silently from my react client app but that didn’t also work.
The only way it works is if i log out and log back into my app…

Any guidance on this would be greatly apprecaited!

nik.baleca · May 5, 2025, 6:39pm

Hi @fayezrahman

Welcome to the Auth0 Community!

Could you please try changing the namespace to something different than /roles?

As mentioned in our documentation, roles is part of claim restrictions. You could try renaming it to /userRoles.

Let me know if you still have issues!

Kind Regards,
Nik

fayezrahman · May 5, 2025, 7:35pm

It works with roles, however my issue was that on the first login (registering for first time ) the user was actually getting the roles assigned to them ( as i can inspect that in the Auth0 User Management dashboard ) however the 2nd trigger which it actually assigned the roles to the user in the token was not being set ( only the first time )

subsequent logins did have it, so it’s not a restricted name issue.

nik.baleca · May 5, 2025, 8:16pm

Hi again!

Sorry! It appears that somehow I missed the part where the user is assigned the role and only visible after re-authentication!

That would be expected behaviour, the token retrieved after an authentication/registration event will not contain the role since it has been assigned to the user after the task was completed. You would need to refresh the token inside the application so that the new one retrieved contains the roles or the user would need to re-authenticate to include it unfortunately.

If you have any other questions on the matter, let me know!

Kind Regards,
Nik

fayezrahman · May 5, 2025, 8:34pm

I’ve tried retrieving a new token in the application but it didn’t seem to have the roles either…

the current workaround i have is the following

1 action in the on-post trigger that basically checks if the user has never logged in ( first time registering ) then it assigns a hardcoded ‘user’ role as a custom claim to the token

after that i call the management API to actually assign the role to the user so that it’s attached forever ( in the auth0 dashboard )

then another if condition check if the user has logged in before an they have roles attached to their profile
event.authorization.roles

then i just assign a custom claim called roles to their token and then i retrieve it all in my app.

The reason i wanted to get it the first time around is because i have custom protected route that will check if the user is entitled to view the component that i’m rendering based on their role

Topic		Replies	Views
Adding roles to users post-registration using actions Get Help	2	7707	January 4, 2022
Auth0 Action add user role to token Get Help user-profile , user-management	2	697	March 25, 2024
Post Login Action not Placing Role in Token Get Help	7	2490	April 22, 2022
See the roles of users in the accestoken JWT.io jwt	4	1058	August 25, 2023
Roles and permissions from Auth0 Extension not being added to id token in Next app Get Help classic-universal-login-experience , login-experience	4	1922	July 27, 2023

Adding role object to token not working after user registers but works after they re-authenticate

Related topics