Hello,
I have a SAML connection where Auth0 is the Service Provider for my application. I am trying out the new login flows but am running into a small problem that I’m not sure how to solve.
What I am trying to do
On a successful login from the SAML IdP, I want to update a user’s app_metadata with the returned roles and account.
What is Happening
I cannot seem to get the roles field off the user object from the SAML login.
My configuration
In my Enterprise SAML connection I have this mapping:
{
  "role": [
    "http://schemas.auth0.com/app:role",
    "http://schemas.auth0.com/role"
  ]
}
This mapping works because I see role show up on my user when I view their raw JSON data in the dashboard. The property is a top level prop like so:
{
  "role": "manager",
  "user_id": "samlp|{connection}|auth0|{id}",
  "app_metadata": {
    "account": "sso-incorporated"
  },
  // lots more fields
}
I then created this flow action to run after a successful login:
exports.onExecutePostLogin = async (event, api) => {
  if (event.user.email) {
    // custom function to determine the account name from email address
    const accountName = getAccountNameFromEmail(event.user.email);
    if (accountName) {
      // this works
      api.user.setAppMetadata("account", accountName);
      // this does not. Never saves anything (assuming `event.user['role']` is undefined)
      // I cannot figure out how to access the `role` on my user object from SAML response
      api.user.setAppMetadata("role", event.user['role']);
    }
  }
};
Is there any way I can access that property? I don’t mind putting my logic in the mapping rules either, but I don’t think it lets me map into app_metadata fields. I need the roles in the app_metadata because I search users based on that information.
Thanks!