Adding roles to users post-registration using actions

Hello, I’m pretty new to Auth0. What I’m trying to achieve is to take specific roles that I have already created through the Auth0 dashboard and assign them to certain users based on their email domain name.

I used this thread as a reference and followed it step by step: How can I use the Management API in Actions?

I actually tried to pull it off in the post-registration flow as well as in the post-login flow and neither worked for me

Here’s what my action looks like

/**
 * Action handler from the question: picks a role from the user's email domain,
 * calls management.users.assignRoles, and writes the call's result into
 * namespaced custom claims on the ID and access tokens.
 *
 * NOTE(review): event.stats, event.authorization, api.idToken and
 * api.accessToken are properties of the post-login trigger. Confirm they are
 * available in the post-user-registration trigger; if they are not, the first
 * `event.stats.logins_count` read throws outside the try/catch below.
 *
 * @param {object} event - Trigger event (user, secrets, ...).
 * @param {object} api - Trigger API object.
 * @returns {Promise<void>}
 */
exports.onExecutePostUserRegistration= async (event, api) => {
  // Only act on the user's first login.
  if (event.stats.logins_count !== 1) {
    return;
  }

  // Custom claims are namespaced with this URL prefix.
  const namespace = "https://my-app.example.com";

  const ManagementClient = require("auth0").ManagementClient;

  // Management API credentials are read from event.secrets, not hard-coded.
  // NOTE(review): create:roles looks broader than assigning existing roles
  // needs. Check the required scopes of the endpoint being called and grant
  // the application only those.
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
    scope: "read:roles create:roles update:roles",
  });

  const params = { id: event.user.user_id };
  const defaultRole = { "roles": [event.secrets.defaultRole] };
  const adminRole = { "roles": [event.secrets.adminRole] };

  try {
    if (event.authorization) {
      // The role is chosen from the email domain, so an unverified address
      // must never reach the branches below.
      // NOTE(review): at registration time the address may not be verified
      // yet, in which case this returns without assigning any role. Confirm
      // that is the intended flow.
      if (!event.user.email_verified) {
        return;
      } else if (
        event.user.email &&
        event.user.email.endsWith("@admin.com")
      ) {
        // NOTE(review): the same assignment request is sent twice, and
        // whatever assignRoles resolves to becomes the claim value. Confirm it
        // resolves to role data rather than an empty response.
        api.idToken.setCustomClaim(
          `${namespace}/roles`,
          await management.users.assignRoles(params, adminRole)
        );
        api.accessToken.setCustomClaim(
          `${namespace}/roles`,
          await management.users.assignRoles(params, adminRole)
        );
      } else {
        // Every other verified address gets the default role (same double
        // call as the admin branch).
        api.idToken.setCustomClaim(
          `${namespace}/roles`,
          await management.users.assignRoles(params, defaultRole)
        );
        api.accessToken.setCustomClaim(
          `${namespace}/roles`,
          await management.users.assignRoles(params, defaultRole)
        );
      }
    }
  } catch (e) {
    // Errors are only logged, so a failed Management API call leaves the user
    // without the role and shows up nowhere but the Action's logs.
    console.log(e);
  }
};

Could someone be kind enough to help me point out what i’m doing wrong please?

Thanks in advance

Hi @Skia,

Thanks for reaching out to the Auth0 Community!

After taking a look at your Action, I found that you are trying to both assign the user roles and set the roles as a custom claim simultaneously.

In this scenario, I recommend separating these tasks and using the management.roles.assignUsers method instead.

So far, I have found that the management.users.assignRoles and management.assignRolestoUser methods work incorrectly. As a workaround, you could use management.roles.assignUsers for a single user, even though it is normally meant for assigning many users at once.

Here is a revised version of your Action:

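/**
 * Assigns a role to a user on their first login, chosen from the domain of
 * their verified email address, and then mirrors that role into namespaced
 * custom claims on the ID and access tokens.
 *
 * The Management API call is awaited before any claim is set, so a token only
 * carries the role claim once the assignment request has succeeded.
 *
 * NOTE(review): event.stats, event.authorization, api.idToken and
 * api.accessToken are properties of the post-login trigger. Confirm they are
 * available in the post-user-registration trigger before relying on this
 * handler there.
 *
 * @param {object} event - Trigger event (user, secrets, ...).
 * @param {object} api - Trigger API object.
 * @returns {Promise<void>}
 */
exports.onExecutePostUserRegistration = async (event, api) => {
  // Only act on the user's first login.
  if (event.stats.logins_count !== 1) {
    return;
  }

  // The role is derived from the email domain, so an unverified address must
  // never be trusted. Bail out before creating a Management API client.
  if (!event.authorization || !event.user.email_verified) {
    return;
  }

  // Custom claims are namespaced with this URL prefix.
  const namespace = "https://my-app.example.com";

  const { ManagementClient } = require("auth0");

  // Management API credentials are read from event.secrets, not hard-coded.
  // NOTE(review): create:roles looks broader than assigning existing roles
  // needs. Check the required scopes of the endpoint being called and grant
  // the application only those.
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
    scope: "read:roles create:roles update:roles",
  });

  // The leading "@" keeps look-alike domains that merely end in the same
  // characters from matching.
  const isAdminDomain =
    Boolean(event.user.email) && event.user.email.endsWith("@arcadous.com");

  // NOTE(review): the ID used for the assignment is a placeholder, while the
  // claim value comes from event.secrets. Confirm both describe the same role.
  const role = isAdminDomain
    ? { id: "YOUR_ADMIN_ROLE_ID_HERE", claim: event.secrets.adminRole }
    : { id: "YOUR_DEFAULT_ROLE_ID_HERE", claim: event.secrets.defaultRole };

  try {
    // assignUsers takes a list of users; a one-element list assigns just this
    // user.
    await management.roles.assignUsers(
      { id: role.id },
      { users: [event.user.user_id] }
    );

    // Reached only when the assignment did not throw.
    api.idToken.setCustomClaim(`${namespace}/roles`, role.claim);
    api.accessToken.setCustomClaim(`${namespace}/roles`, role.claim);
  } catch (e) {
    // Errors are only logged: a failure leaves the user without the role and
    // without the claim.
    console.log(e);
  }
};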

Please let me know how this works for you.

Thank you.
