Hi,
We have a rule that assigns roles to a user who logs in for the first time. In a second rule, we add these roles to the token.
The first rule, for the first login, is based on the implementation in "Assign Roles to users using Rules":
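function (user, context, callback) {
  // Rule 1: assign a default role the first time a user logs in.
  // loginsCount is read from context.stats; a missing value is treated as 0.
  const count = context.stats && context.stats.loginsCount ? context.stats.loginsCount : 0;
  if (count > 1) {
    // Not a first login: pass the transaction on without touching roles.
    return callback(null, user, context);
  }

  // The Management API client authenticates with auth0.accessToken, and the
  // only condition checked before assigning is the login count above. Keep
  // the role list below restricted to the lowest-privilege default role.
  const ManagementClient = require('auth0@2.17.0').ManagementClient;
  const management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });

  management.assignRolestoUser(
    { id: user.user_id },
    { "roles": ["rol_123456789"] }, // sample role ID of "Standard API Enduser"
    function (err) {
      if (err) {
        // Best effort: a failed assignment is only logged and the login
        // continues, so the tokens are issued without the role. Consumers of
        // the roles claim should deny by default when it is missing or empty.
        console.log('Error assigning role: ' + err);
      }
      // NOTE(review): nothing here updates context.authorization, so a later
      // rule reading context.authorization.roles in the same login will not
      // see the role just assigned (the behaviour reported in this post).
      callback(null, user, context);
    });
}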
The second rule adds these roles to the token and is based on the implementation in "Add user roles to tokens":
function (user, context, callback) {
  // Rule 2: copy the user's roles into a namespaced custom claim on both the
  // ID token and the access token.
  const namespace = 'http://demozero.net';
  const rolesClaim = `${namespace}/roles`;

  // Roles come from context.authorization as it stands when this rule runs.
  // NOTE(review): per the observation in this post, a role assigned through
  // the Management API by an earlier rule in the same login is not reflected
  // here; the claim is then undefined or stale until the next login.
  const authorization = context.authorization || {};
  const assignedRoles = authorization.roles;

  // Start from the existing claim objects when present, otherwise from empty ones.
  const idTokenClaims = context.idToken || {};
  const accessTokenClaims = context.accessToken || {};

  idTokenClaims[rolesClaim] = assignedRoles;
  accessTokenClaims[rolesClaim] = assignedRoles;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  callback(null, user, context);
}
We have observed that on a first login the role is assigned successfully by the ManagementClient in the first rule. However, the context object is not updated for the second rule, so the role assigned by the first rule is missing from the token.
If the user logs in a second time, the role is available. I would therefore like to ask whether it is intended by design that the rules flow does not update the context object between the processing of several rules.
Best regards
Luuk