Assign role after verify account with the email link

Hello everyone, I need to assign a role a user who use the verification link in his email, I did this rule:

function (user, context, callback) { 
  if(user.email_verified){
    const assignedRoles = (context.authorization || {}).roles;
    if(assignedRoles.length > 0){
      return callback(null, user, context);
    }else{
      const params =  { id : user.user_id};
      const data = { "roles" : ["ID_ROLE"]};
      const ManagementClient = require('auth0@2.34.2').ManagementClient;
      const management = new ManagementClient({token: auth0.accessToken,domain: auth0.domain});
      management.users.assignRoles(params, data, function (err, user) {
        if (err) {console.log(err);}
        callback(null, user, context);
      });
    }
  }else{
    return callback(null, user, context);
  } 
}

But, the problem is that rule execute when the user login after he verified his account, but to reflect the list of the roles in the token the user needs to refresh the page or logout and login another time, but I need to execute the assign of the role with the email verification action

Thanks a lot for your help

Hi @jorge.vazquez,

Welcome to the Community!

Unfortunately, rules only run after successful authentication, and the email verification link will not authenticate the user. The most similar flow possible when forcing email verification would look like this:

  1. User signs up with database connection (email/password)
  2. User is redirected back to the app with an unauthorized error and shown a message that they must first verify their email address.
    • The rule will send the user back to your app with an error in the URL.
    • Your app will use the error in the URL to display a user-friendly message.
    • Force email verification example: Force email verification
  3. The user will verify their email address and they will click a button to go back to the app (you will need to configure an Application Login URI to show the button on the email verification page when using the New Universal Login)
  4. The user will have to log in again to be assigned the roles.

Related topic:

1 Like

Hi @stephanie.chamblee

Thanks a lot for your help. I’m going to do that.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.