In case helpful for others, here is how I re-wrote my Auth0 Authorization Extension Rule => Action. I didn’t need some of the generic merging + IDP handling, I just needed my authorization groups, roles, and permissions attached to my user in the JWT (I also didn’t want to update user metadata because that would require updating my front-end apps).
This requires the following:
- Set `AUTHORIZATION_EXTENSION_API_KEY` in secrets
- Add `axios` to dependencies
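/**
 * Post-login Action that copies the user's groups, roles and permissions from
 * the Auth0 Authorization Extension into custom claims on the ID token.
 *
 * The claims are written to the ID token only (api.idToken); nothing is added
 * to the access token, so a backend that authorizes from the access token will
 * not see them.
 *
 * @param {object} event - Post-login event; reads user.user_id,
 *   connection.name, client.client_id and secrets.AUTHORIZATION_EXTENSION_API_KEY.
 * @param {object} api - Post-login API object; only api.idToken.setCustomClaim is used.
 * @returns {Promise<void>}
 */
exports.onExecutePostLogin = async (event, api) => {
  const userID = event.user.user_id;
  const connectionName = event.connection.name;
  const clientID = event.client.client_id;
  const authorizationExtensionApiKey = event.secrets.AUTHORIZATION_EXTENSION_API_KEY;

  // Log the opaque user id only: the e-mail address is personal data and adds
  // nothing the id does not already identify.
  console.log(`Getting authorization data for ${userID}...`);
  const authorizationData = await getAuthorizationData(
    userID,
    connectionName,
    clientID,
    authorizationExtensionApiKey,
  );

  // `== null` also covers `undefined` (e.g. an empty response body), which
  // would otherwise throw on the property reads below and fail the login.
  // NOTE(review): on lookup failure the login continues WITHOUT the claims.
  // Relying applications must treat missing groups/roles/permissions as
  // "no access", never as "unrestricted".
  if (authorizationData == null) {
    return;
  }

  const { groups, roles, permissions } = authorizationData;
  const sizeOf = (list) => (Array.isArray(list) ? list.length : 0);

  // Log sizes rather than the full authorization payload, so the tenant logs
  // do not become a record of every user's entitlements.
  console.log(
    `...obtained authorization data: ${sizeOf(groups)} groups, ${sizeOf(roles)} roles, ${sizeOf(permissions)} permissions`,
  );

  // Setting groups, roles, and permissions from auth0 authorization extension in user token
  api.idToken.setCustomClaim("groups", groups);
  api.idToken.setCustomClaim("roles", roles);
  api.idToken.setCustomClaim("permissions", permissions);
  console.log("Set groups, roles, and permissions in id token");
};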
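/**
 * Fetch the policy (groups, roles, permissions) for a user from the
 * Authorization Extension API.
 *
 * `EXTENSION_URL` and `axios` are referenced here but are not declared in this
 * listing; they must be defined at module level for the Action to run.
 *
 * @param {string} userID - Auth0 user id, used as a URL path segment.
 * @param {string} connectionName - Connection name, sent in the POST body.
 * @param {string} clientID - Client id, used as a URL path segment.
 * @param {string} authorizationExtensionApiKey - Sent as the `x-api-key` header.
 * @returns {Promise<object|null>} The response body, or null when the request fails.
 */
async function getAuthorizationData(userID, connectionName, clientID, authorizationExtensionApiKey) {
  // Bound the call so a slow or unreachable extension cannot stall the login flow.
  const REQUEST_TIMEOUT_MS = 5000;

  try {
    // Encode the path segments: user ids contain "|" and, depending on the
    // connection, may contain "/", "?" or "#", which would otherwise change
    // which endpoint the request reaches.
    const url = `${EXTENSION_URL}/api/users/${encodeURIComponent(userID)}/policy/${encodeURIComponent(clientID)}`;
    const postData = { connectionName };
    const headers = {
      "x-api-key": authorizationExtensionApiKey,
    };
    const response = await axios.post(url, postData, { headers, timeout: REQUEST_TIMEOUT_MS });
    return response.data;
  } catch (error) {
    // Do not log the raw error object: an axios error carries the request
    // config, including the x-api-key header, so dumping it writes the secret
    // into the logs. Log the message and HTTP status only.
    const status = error?.response?.status;
    const statusNote = status === undefined ? "" : ` (HTTP ${status})`;
    console.error(
      `Error getting authorization data for ${userID}: ${error?.message ?? String(error)}${statusNote}`,
    );
    return null;
  }
}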