Auto role adder based on application source

Hi everyone,
Below is my current action. I need to insert an if statement that switches between the domains that make the login request.

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count > 1) {
    return;
  }
  const ManagementClient = require('auth0').ManagementClient;

  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
  });

  const params = { id: event.user.user_id };
  const data = { "roles" : ["rol_gUNCo5UFyb9IVubw"]};
  try {
    await management.assignRolestoUser(params, data);
    console.log(`Role ${data.roles} successfully assigned to ${event.user.email}`);
    api.idToken.setCustomClaim(`rules`, "rangerGestUser");
    api.accessToken.setCustomClaim(`rules`, "rangerGestUser");
  } catch (err) {
    console.log(err);
    // Handle error.
  }
};

I want to change the role ( const data = { "roles" : ["rol_gUNCo5UFyb9IVubw"]}; ) based on the login domain.
For example, if the login domain is foo.bar.com → role 1; bar.foo.com → role 2.

Can anyone help me?

Thanks a lot,
Davide

Hi @dpatrone1,

You should be able to conditionally set your roles based on the login domain by adding an if-condition, as you mentioned.

You should encapsulate that if-condition block around the management.users.assignRoles method.

For example, you could check the redirect_uri to determine the domain:

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count > 1) {
    return;
  }

  if (event.transaction.redirect_uri === "https://someuri.com") {
    const ManagementClient = require('auth0').ManagementClient;

    const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
    });

    const params = { id: event.user.user_id };
    const data = { "roles" : ["rol_gUNCo5UFyb9IVubw"]};

    try {
      await management.assignRolestoUser(params, data);
      console.log(`Role ${data.roles} successfully assigned to ${event.user.email}`);
      api.idToken.setCustomClaim(`rules`, "rangerGestUser");
      api.accessToken.setCustomClaim(`rules`, "rangerGestUser");
    } catch (err) {
      console.log(err);
      // Handle error.
    }
  }
};

It might be worth refactoring the code to abstract the assignRolestoUser as a helper function.

Let me know how this goes for you.

Thanks,
Rueben
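An added example, not part of either post and not Auth0's own code: one way to map the login host to a role by parsing `redirect_uri` and looking up the exact hostname, so that a malformed URI or an unlisted host assigns no role. The hosts are the ones named in the question; the role IDs are placeholders, `roleForRedirectUri` and `assignRoleForLogin` are hypothetical helper names, and `management` is assumed to be the `ManagementClient` built as in the posts above.

```javascript
// Hosts come from the question; the role IDs are placeholders, not real IDs.
const ROLE_BY_HOST = new Map([
  ["foo.bar.com", "rol_PLACEHOLDER_ROLE_1"],
  ["bar.foo.com", "rol_PLACEHOLDER_ROLE_2"],
]);

// Return the role ID mapped to the host of redirect_uri, or null when the URI
// is missing, unparsable, not https, or its host is not in the map.
function roleForRedirectUri(redirectUri, roleByHost = ROLE_BY_HOST) {
  let url;
  try {
    url = new URL(redirectUri);
  } catch (err) {
    return null; // undefined or malformed redirect_uri: assign nothing
  }
  if (url.protocol !== "https:") {
    return null;
  }
  // Exact hostname lookup. A substring test such as includes("foo.bar.com")
  // would also accept "foo.bar.com.example.net".
  return roleByHost.get(url.hostname) ?? null;
}

// Hypothetical helper: `management` is an already constructed ManagementClient,
// passed in so the role decision stays separate from the API call.
async function assignRoleForLogin(event, management) {
  if (event.stats.logins_count > 1) {
    return null; // first login only, as in the Action above
  }
  const redirectUri = event.transaction && event.transaction.redirect_uri;
  const role = roleForRedirectUri(redirectUri);
  if (role === null) {
    console.log("No role mapped for this login; nothing assigned");
    return null;
  }
  // Same SDK call as in the posts above.
  await management.assignRolestoUser({ id: event.user.user_id }, { roles: [role] });
  return role;
}
```

Inside `onExecutePostLogin`, call `await assignRoleForLogin(event, management)` within the existing try/catch and set the custom claims only when it returns a role.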

Hi @rueben.tiow,
Thanks for your help, your code solved my problem <3
