Assing default role upon login only if not yet assigned a role by the admin

Help
1

Hi everyone

I have a Problem in login process: I have implemented a rule which assignes a default role to all users which sign up, like the following rule:

function (user, context, callback) {

var count = context.stats && context.stats.loginsCount ? context.stats.loginsCount : 0;
if (count > 1) {
return callback(null, user, context);
}

var ManagementClient = require(‘auth0@2.17.0’).ManagementClient;
var management = new ManagementClient({
token: auth0.accessToken,
domain: auth0.domain

});

management.assignRolestoUser(
{ id : user.user_id},
{ “roles” :[“role_id”]}, // sample role ID of “Standard API Enduser”
function (err) {
if (err) {
console.log('Error assigning role: ’ + err);
}
callback(null, user, context);
});
let assignedRoles = (context.authorization || {}).roles;
assignedRoles.push(‘role_id’);
context.authorization.roles.push(‘Basis’);
}

But this creates the problem, that when i create new users in the auth0 dashboard and already assign them a role, they will also be assigned the default role, because the login count is 0.
Can anyone help me to rewrite the role, that if the user has already an assigend role, but login counts 0, the user will not be assigned the default role?

Thank anybody for any help!

3

Hi @cbafo,

Thanks for reaching out to the Auth0 Community!

I understand that you’ve been stuck with trying to get your Auth0 Rule to assign a role only if the user did not previously log in (login count = 0) and on sign up.

Unfortunately, you will encounter the issue which you observed, where users that have never logged in with assigned Roles, on the first login will trigger your Rule.

To work around this issue, you could implement a logic that looks at whether the user has a role previously assigned. If it’s not true, then you can assign them a default role.

Something like the following:

function (user, context, callback) {
    if(context.authorization.roles){
        return callback(null, user, context);  // Do nothing, pass
    }else{
        var ManagementClient = require(‘auth0@2.17.0’).ManagementClient;
        var management = new ManagementClient({
        token: auth0.accessToken,
        domain: auth0.domain
        });

        management.assignRolestoUser(
        { id : user.user_id},
        { “roles” :[“role_id”]}, // sample role ID of “Standard API Enduser”
        function (err) {
            if (err) {
            console.log('Error assigning role: '+ err);
        }
        callback(null, user, context);
        });
        let assignedRoles = (context.authorization || {}).roles;
        assignedRoles.push(‘role_id’);
        context.authorization.roles.push(‘Basis’);
    }
}

You may find our Context Object Properties in Rules docs useful.

Please let me know how this works for you.

Thank you.

5

Thank you so much for adressing my problem so fast, the part where the user gets no role assigend if i already assinged one in the dashboard seems to be working fine, but if the user does a selfregistration, he will not get assigend a role.
How can i implement it all in the same rule?
Thanks for looking into in again

1 Like
6

I seem to have made it work using the following if condition at the beginning.

if(context.authorization.roles.length > 0)

Now it seems to be working fine! Thanks a lot for your input, you saved me!! : )

1 Like
7

Hi @cbafo,

Thank you so much for your responses.

I’m glad you were able to resolve the code by modifying the condition to check for the length.

Please let me know if there’s anything else I can do to help.

Thank you.

Best,
Rueben

8

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.