Adding Roles in app_metadata is not reflecting in Roles section of User Details

I have tried adding roles to the app_metadata of a user (using rules and also with the Delegated Admin Extension Write Hook). It is showing in the JSON object of the user in the app_metadata field, but the Roles tab of User Details is showing the message “There are no roles assigned to this user yet”.

The Roles tab refers to the Roles assigned via RBAC Core (i.e. via Dashboard > Users & Roles > Roles, or Dashboard > Users > User > Assign Roles). These assigned roles via RBAC also aren’t visible in the app_metadata.

The roles in app_metadata, such as below, refer to the older Authorization extension, while the Roles tab refers to the newer RBAC Core. I understand it can be confusing.

"app_metadata": {
    "authorization": {
        "groups": [],
        "roles": [
            "user"
        ],
        "permissions": []
    },
    "roles": [
        "user"
    ]
},

How can we add/update RBAC Core roles using Rules or the Delegated Admin Write Hook?
Is there a way we can sync these app_metadata roles to RBAC Core?

RBAC Core and the Authorization Extension are two different concepts. Unfortunately, the Delegation Admin Dashboard relies on the older one.

You can of course update a user’s RBAC roles via Management API, with the relevant endpoints being:

https://auth0.com/docs/api/management/v2#!/Roles/post_role_users
https://auth0.com/docs/api/management/v2#!/Users/post_user_roles

and in this way, keeping the roles in the Authz extension and RBAC Core for a user in sync (at least according to the role names; they’re of course different role entities).

Of course the question is when to update the roles via a Mgmt API call. It’s something that could be handled with either Management API Webhooks or getting the log stream and listening for events for changes in a user profile in the logs, which would then trigger the Mgmt API call to update the user's RBAC roles.

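The sync described in the answer above, sketched as an added example that is not part of the original thread: it reads the role names from both `app_metadata` locations, maps them to RBAC Core role IDs, and builds (without sending) the `POST /api/v2/users/{id}/roles` request. The function names, tenant domain, token and role IDs are assumptions; in practice the name-to-ID map would come from `GET /api/v2/roles`.

```python
import json
from urllib.parse import quote
from urllib.request import Request

def metadata_role_names(user):
    """Union of the role names in both app_metadata locations shown in the thread."""
    meta = user.get("app_metadata") or {}
    names = list((meta.get("authorization") or {}).get("roles") or [])
    names += meta.get("roles") or []
    return sorted(set(names))

def plan_role_sync(user, rbac_ids_by_name, assigned_ids):
    """Return (RBAC role IDs still to assign, names with no RBAC Core role)."""
    to_assign, unknown = [], []
    for name in metadata_role_names(user):
        role_id = rbac_ids_by_name.get(name)
        if role_id is None:
            unknown.append(name)  # report it; never auto-create a role from profile data
        elif role_id not in assigned_ids:
            to_assign.append(role_id)
    return to_assign, unknown

def build_assign_request(domain, token, user_id, role_ids):
    """Build, but do not send, POST /api/v2/users/{id}/roles."""
    # User IDs such as "auth0|..." contain "|", which must be percent-encoded in the path.
    url = f"https://{domain}/api/v2/users/{quote(user_id, safe='')}/roles"
    body = json.dumps({"roles": role_ids}).encode()
    return Request(url, data=body, method="POST", headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"})

# Constructed sample data (hypothetical user and role IDs).
SAMPLE_USER = {
    "user_id": "auth0|constructed-0001",
    "app_metadata": {
        "authorization": {"groups": [], "roles": ["user"], "permissions": []},
        "roles": ["user", "auditor"],
    },
}
SAMPLE_RBAC_ROLES = {"user": "rol_CONSTRUCTED01", "admin": "rol_CONSTRUCTED02"}

if __name__ == "__main__":
    ids, unknown = plan_role_sync(SAMPLE_USER, SAMPLE_RBAC_ROLES, assigned_ids=set())
    req = build_assign_request("example.auth0.com", "PLACEHOLDER_TOKEN",
                               SAMPLE_USER["user_id"], ids)
    print(req.get_method(), req.full_url, req.data.decode(), "unmapped:", unknown)
```

Role names that have no RBAC Core counterpart are returned separately rather than created, so a value written into `app_metadata` cannot introduce a new role on its own.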

Thanks a lot @mathiasconradt, it was really helpful.


Perfect! Glad you have it figured out now!
