To automate this completely, you could implement your code in the Custom Database login script, call your own API from the login script. Once users are created by your login script, call the endpoints shared previously to automatically add the membership to the organization.
Which raises 2 questions:
How can I know when the user is created by the login script. It doesn’t actually create a user, it just returns a profile shaped object. I assume the user creation happens after this.
Is there a way to access the management API from the custom db login script? I don’t see it exposed like in the other Auth0 actions (via the event.api). I guess I could always add machine-to-machine credentials and import the auth0 package.
Do I actually need another post-login or post-user-registration action that does the organization assignment?
Is post-user-registration invoked for custom-db registrations?
I have the same problem. Our application is business-only, so we require users to have an organization. I can confirm that post-user-registration is NOT invoked after migrating a user over from an external database. Even if it were, it’s invoked asynchronously, so there’s no guarantee it will have executed by the time the normal login flow is rejoined.
The user is not actually created within the custom database script, so there’s no use in trying to invoke the Management API to add an organization from within it. The profile object returned has no functionality to assign an organization (or if it does, it’s completely undocumented).
I did try the following hack, but it ultimately wasn’t successful. We tried to make the custom database login script aware of the intended organization ID (whether you want to store it in your external database and query it, or use the Management API to figure it out based on whatever the external database returns) and then save it in the user_metadata. We found out post-user-registration actions aren’t fired, so we tried to use a post-login action to check:
Return if the user already signed in via an organization
Call the Management API to check whether the user already has an organization, and return if it does
If the user has organization info in the user_metadata, (a) use the Management API to add the user to that organization and then (b) remove that info from the user_metadata; otherwise, raise an error (i.e., deny access)
But unfortunately, Auth0’s check that the user signing in is doing so via an organization happens before actions are run… So in the end, no go for us, but if YOUR application allows both individual and business users, this may work for you.
EDIT:
Based on advice from another post, we tried the bulk user import endpoint to port over all of our users at once, instead of lazily migrating them as they log in. Afterward, we iterated over each organization we wanted to add people to, queried the Auth0 user_ids for the users in our software we want to add to the organization, and then add them via API.
So to answer your actual questions:
It does, or you’ll get a failed login event. You can see them in the logs. If you’re returning a properly constructed profile object, it creates the user correctly.
Yes, but because the user doesn’t exist yet, it won’t help you. I’d recommend bulk-importing your users and then assigning them to organizations in bulk.
First, try searching for your answer.