Assign permissions using Actions Post User Registration flow

Hi @kaluk1321,

Thank you for your response and clarification.

My apologies for thinking it was a Post-Login Action in your initial message.

Yes, in this situation, a Post-Login Action is needed to work around since signing up and logging in works the same for Social Connection users. The Social Login button redirects the user to the IdP(e.x Google) to authenticate before being redirected back to Auth0.

Because of this, there is no way to utilize a Post-User Registration Action to assign permissions to Social Connection Users. Moreover, using a Post-User Registration Action will only work with Database and Passwordless users as described in our documentation here.

In this case, you must resort to using a Post-Login Action script to assign permissions to Social Connection users. If you intend to assign the permissions only once, I recommend setting a user_metadata value to check if the user has permissions assigned previously.

For example:

exports.onExecutePostLogin = async (event, api) => {
  
  const ManagementClient = require('auth0').ManagementClient;
  if(!event.user.user_metadata.assigned_permissions){
    var management = new ManagementClient({
        domain: event.secrets.CLI_DOMAIN,
        clientId: event.secrets.CLI_CLIENT_ID,
        clientSecret: event.secrets.CLI_CLIENT_SECRET,
        audience: event.secrets.CLI_MGMT_AUDIENCE,
        scope: 'update:users'
    });

    const params =  { id : event.user.user_id};
    var data = { "permissions" : [{"permission_name" :"app:user" ,"resource_server_identifier" :"https://app.development.com" }]};

    management.assignPermissionsToUser(params, data, function (err) {
        if (err) {
        // Handle error.
        console.log(err);
        }
        console.log('permissions assigned');
        api.user.setUserMetadata("assigned_permissions", true)
        // User assigned permissions.
    });
   }
};

Please let me know how this works for you.

Thanks!

1 Like