After applying a Role to a User using a Rule at signup (first login), the permissions are not in the user's access token

I followed the instructions in How do I add a default role to a new user on first login? to add a Role upon signup/initial login. The Role gets applied correctly. However, the problem is that the initial access token the user is given doesn’t have the permissions for that role in it. If the subsequently login again, the permissions are there. I suppose that this is because either the access token has already been generated by the time the rule is executed or because there’s a slight delay between when the roles are updated and actually applied to the access token.

Any help would be greatly appreciated.

2 Likes

Hi @pvarner, this is exactly the issue I am faced with.

Did you manage to find a workable solution?

Regards

Andy

1 Like

After the user logs in, we force getting a new auth token in a loop until getting a non-empty set of permissions. I usually only takes one request for that to happen.

2 Likes

Hi @pvarner,
Many thanks for the quick response I’ll give that a go.

Makes sense for what we will need as the system is not ready to be used unless they have roles/permissions in the client too.

Andy

Many thanks @pvarner.

This worked for me.

For anyone’s reference I used this code to refresh the token, which included the updated roles/permissions:

renewToken() {
this.auth0Client$.subscribe((client: Auth0Client) => {
client.getTokenSilently({ audience: config.audience, scope: config.domain, ignoreCache: true });
});
}