Assign role claim twice during login flow

Here is the script that I’m using during the login flow:

```javascript
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'http://schemas.microsoft.com/ws/2008/06/identity/claims';
  const assigned_roles = (event.authorization || {}).roles;

  if (assigned_roles) {
    assigned_roles.forEach((role) => {
      api.idToken.setCustomClaim(`${namespace}/role`, role);
    });
  }
};
```

I have two roles assigned to the user who is logging in; however, this will only allow the claim to appear once, so I never get both roles. How can I work around this or hack it so that I can get both roles assigned to the user? Strangely, it doesn’t work; I don’t understand how this can be an issue.

Hi @kibblewhite

Welcome to the Auth0 Community!

Thank you for posting your question. Your script in its current form is overriding the previous role assigned to the user. You can try to pass the whole array or, for each iteration of your loop, update the claim name, like role1, role2, etc.

I hope this will help you!

Thanks
Dawid
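
The array option suggested in the reply above, next to the loop from the question, as an added example that is not code from the thread or from Auth0. The mock `api` object, `simulateLogin()` and the role names `admin` and `editor` are constructed so the handlers can run locally, and the mock assumes the last write to a claim name wins, as the reply describes.

```javascript
// Added example; the mock `api`, simulateLogin() and role names are constructed.
const namespace = 'http://schemas.microsoft.com/ws/2008/06/identity/claims';
const claimName = `${namespace}/role`;

// Pattern from the question: every call writes to the same claim name,
// so each role replaces the one set before it.
const perRoleHandler = (event, api) => {
  const roles = (event.authorization || {}).roles || [];
  roles.forEach((role) => api.idToken.setCustomClaim(claimName, role));
};

// Pattern from the reply: a single call that passes the whole array.
const arrayHandler = (event, api) => {
  const roles = (event.authorization || {}).roles;
  if (Array.isArray(roles) && roles.length > 0) {
    api.idToken.setCustomClaim(claimName, [...roles]); // copy, do not alias event data
  }
};

// Constructed stand-in for the Actions runtime (assumption: like a JSON
// object, it keeps one value per claim name and the last write wins).
function simulateLogin(handler, roles) {
  const claims = {};
  const api = {
    idToken: { setCustomClaim: (name, value) => { claims[name] = value; } },
  };
  handler({ authorization: roles ? { roles } : undefined }, api);
  return claims;
}

// Entry point in the shape used by the script in the question; the guard
// only matters when this file runs somewhere `exports` is not defined.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = async (event, api) => arrayHandler(event, api);
}

console.log(simulateLogin(perRoleHandler, ['admin', 'editor'])); // one string value
console.log(simulateLogin(arrayHandler, ['admin', 'editor']));   // array with both roles
```

A JWT claims set is a JSON object in which each claim name must be unique (RFC 7519, section 4), so a multi-valued claim is carried as an array under one name.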

I acknowledge your input, and it seems to align with the situation at hand. Unfortunately, this doesn’t address my specific issue. In our context, claims for roles are treated as distinct entries with identical claim names but different values, each representing a unique role associated with the user. As far as my understanding goes, this has been the established practice, as observed in various programming languages where claims with the same name are added multiple times…

Ref: c# - How to store multiple roles in Role Claim? - Stack Overflow

To add to that, this means not being able to add more than one claim with the same name results in incompatibility with a wide gamut of programmatic approaches with claims. I don’t understand how this hasn’t been raised thus far?