Assign roles to Regular Web App in an action


I would like to assign a role to a user when they register an account on our app (regular web app in auth0). I’ve seen posts on how to do this with a Machine to Machine setup and auth0 Actions, but I have errors doing this with a regular web app, not sure if it’s related to it being a RWA or not. First error had me enabled Client Credentials in the app. After that was enabled, the new error was:

You need to create a \“client-grant\” associated to this API. See: Auth0 Management API v2"

Firstly, is it possible to assign roles this way with a RWA?
Secondly, if this is possible, can you please explain the client grant portion?

The action I’m playing around with now looks like this:

exports.onExecutePostUserRegistration = async (event) => {
  const ManagementClient = require("auth0").ManagementClient;
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,

  const defaultRole = { id :'some_id'};
  const data = { "users" : [ event.user.user_id]};

  try {
    if(!event.user.email_verified) {
    } else {
      await management.roles.assignUsers(defaultRole, data);
  } catch (e) {


Hi @steffanie,

Welcome to the Auth0 Community!

I understand that you would like to assign Roles to users using a Post-Login Action.

First, I would like to clarify that Auth0 Actions will work for any application type (e.x SPA, RWA, M2M).

Meaning that you can assign roles to a Regular Web App.

Next, I recommend going over our How can I use the Management API in Actions? FAQ which includes a working code snippet for assigning roles to users.

Please let me know if you encounter any issues getting this to work. I’d be happy to help!


Hi Reuben,

Thanks for the quick response! Just to clarify from the article you linked - since I want to assign roles in an Action, I must use the Management API, and the only way to use the Management API to do anything aside from updating metadata is to create a new Machine to Machine Application? Sounds simple enough :slight_smile: I’ll give it a shot!

(I had followed the article you linked before I posted this topic, but for some reason thought my app had to be M2M, not to create a new M2M app :sweat_smile: )

1 Like

Hi @steffanie,

Thank you for your update!

Yes, that is correct! You will need to use either the existing Auth0 Management API or create a new M2M application and grant that application all the required permissions to use the Management API.

The latter option gives you the ability to limit certain permissions (scopes) if needed.

I hope this helps!

Thank you.