Hi dear Auth0 community,
I have some questions regarding role assignment and `user_metadata`. I searched all the threads and implemented the solutions proposed there, but nonetheless it seems that my implementation does not behave as expected. I would be really thankful if you could please have a look at my use case described here and help me with this.
I want to assign a role to a user on `onExecutePostUserRegistration` depending on the Auth0 application this user signed up with. We have one “Native” Application and one “Single Page Application”, both for different kinds of applications. As we have MFA with phone enabled for our applications, on signup the user needs to enter his phone and verify it within the Auth0 signup flow provided by Universal Login.
I tried the following:
- Create an Action for the “Pre User Registration” (`onExecutePreUserRegistration`) where I tried to assign the app type as user metadata depending on the source application:
```js
exports.onExecutePreUserRegistration = async (event, api) => {
  // Get source Auth0 application from where this user comes ('Single Page Application' or 'Native Application')
  // ⚠️ 'event.client' is an optional, it can be null
  const sourceApp = event.client.client_id
  console.log('users source app:', sourceApp)
  if (sourceApp == null) {
    return {
      statusCode: 404,
      body: JSON.stringify({ message: 'We could not determine the originating application here, why?' }),
    };
  }
  // Check 'sourceApp' and see which application it is matching
  if (sourceApp == event.secrets.clientIdApp1) {
    api.user.setUserMetadata("appSource", "app1")
  }
  if (sourceApp == event.secrets.clientIdApp2) {
    api.user.setUserMetadata("appSource", "app2")
  }
};
```
- I created a “Post User Registration” Action, `onExecutePostUserRegistration`, where I try to assign a role depending on the `appSource` in `user_metadata`:
```js
exports.onExecutePostUserRegistration = async (event, api) => {
  // Declare ManagementClient which provide functionality to assign role to user
  const ManagementClient = require('auth0').ManagementClient;
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
  });
  const userIdParams = { id : event.user.user_id};
  const app1RoleData = { "roles" : [event.secrets.app1Role]};
  const app2RoleData = { "roles" : [event.secrets.app2Role]};
  try {
    if (event.user.user_metadata.appSource == "app1Role") {
      await management.assignRolestoUser(userIdParams, app1RoleData)
    }
    if (event.user.user_metadata.appSource == "app2Role") {
      await management.assignRolestoUser(userIdParams, app2RoleData)
    }
  } catch (exception) {
    console.log('Error when trying to assign role to user', exception)
    throw {
      statusCode: 500,
      body: JSON.stringify({ error: `An error occurred when trying to assign role to user ${userIdParams}` })
    };
  }
};
```
Nonetheless, it seems that this does not work. First, the assigned `user_metadata` remains empty when I look at the JSON of my user:
```json
{
  "created_at": "2023-10-02T09:38:51.413Z",
  "email": "my+user@company.com",
  "email_verified": false,
  "identities": [
    {
      "connection": "MyApp-DB",
      "provider": "auth0",
      "user_id": "xxxxxxxxxx",
      "isSocial": false
    }
  ],
  "name": "my+user@company.com",
  "nickname": "my+user",
  "picture": "https://s.gravatar.com/avatar/xxxxxxxxx.png",
  "updated_at": "2023-10-02T09:39:59.991Z",
  "user_id": "auth0|xxxxxxxxxxx",
  "user_metadata": {},
  "multifactor": [
    "guardian"
  ],
  "multifactor_last_modified": "2023-10-02T09:39:59.991Z",
  "last_ip": "2003:e8:f3b:5c00:80ba:84d8:52de:e199",
  "last_login": "2023-10-02T09:38:51.411Z",
  "logins_count": 1,
  "blocked_for": [],
  "guardian_authenticators": [
    {
      "id": "sms|xxxxxxxx",
      "type": "sms",
      "confirmed": true,
      "name": "XXXXXXXXX3232",
      "created_at": "2023-10-02T09:39:48.000Z",
      "last_auth_at": "2023-10-02T09:39:59.000Z"
    }
  ],
  "passkeys": []
}
```
Also the role was not assigned to the user:
The reason here is probably that the metadata was already not set as expected, so the conditions in the code posted in “2.” are never met.
Can you please tell me how to assign a role to a user depending on the Auth0 app used? And can you also please tell me how to assign `user_metadata`? Does it work, e.g., only on specific Action types? Like, e.g., only on “Post Login” Actions?
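As an added example (not part of the original post and not Auth0's own code), a local harness for the two steps described above. It uses stubbed `event`/`api` objects and constructed client and role IDs, and `simulateSignup` and `roleAssignmentFor` are hypothetical helpers. It guards the optional `event.client` and reads the role from the same table that writes `appSource`, since the posted Actions write `"app1"`/`"app2"` but compare against `"app1Role"`/`"app2Role"`.

```javascript
// Added example: local harness with stubbed Auth0 objects; all IDs are constructed.
const APPS = new Map([
  ['spa-client-id',    { appSource: 'app1', roleId: 'rol_app1_placeholder' }],
  ['native-client-id', { appSource: 'app2', roleId: 'rol_app2_placeholder' }],
]);

// Pre User Registration: tag the user with the application they signed up from.
function onExecutePreUserRegistration(event, api) {
  // event.client is optional, so never dereference it unguarded.
  const app = APPS.get(event.client?.client_id);
  if (!app) {
    // Unknown or missing client: refuse instead of leaving appSource unset.
    api.access.deny('unknown_client', 'Sign-up is not available from this application.');
    return;
  }
  api.user.setUserMetadata('appSource', app.appSource);
}

// Post User Registration: pick the role from the same table that wrote the tag,
// so the stored value and the compared value cannot drift apart.
function roleAssignmentFor(event) {
  const source = event.user.user_metadata?.appSource;
  const app = [...APPS.values()].find((a) => a.appSource === source);
  return app ? { params: { id: event.user.user_id }, data: { roles: [app.roleId] } } : null;
}

// Hypothetical driver: runs both steps against in-memory stubs and reports the outcome.
function simulateSignup(clientId) {
  const result = { denied: null, user_metadata: {}, assignment: null };
  const api = {
    access: { deny: (code) => { result.denied = code; } },
    user: { setUserMetadata: (k, v) => { result.user_metadata[k] = v; } },
  };
  const client = clientId == null ? undefined : { client_id: clientId };
  onExecutePreUserRegistration({ client }, api);
  if (!result.denied) {
    const user = { user_id: 'auth0|constructed', user_metadata: result.user_metadata };
    result.assignment = roleAssignmentFor({ user });
  }
  return result;
}

console.log(simulateSignup('spa-client-id'));
console.log(simulateSignup(undefined));
```

In a deployed Action, the returned `params` and `data` would be passed to the Management API call the post already uses. Since `user_metadata` is intended for user-editable attributes, `app_metadata` (`api.user.setAppMetadata`) is the more usual home for a value that drives role assignment.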