Can't auto-assign role to a passwordless email signup

Hello!

I’ve been previously using a Rule to auto-assign a role to a new user on their signup for passwordless. I created a new tenant and was dismayed to learn that I can’t re-use the Rule I was using for this, that I had to create a custom Action instead.

Looking through documentation and these forums, I found two approaches. My preferred approach would be to use a post-registration action:

const auth0Sdk = require("auth0");

exports.onExecutePostUserRegistration = async (event) => {
	const ManagementClient = auth0Sdk.ManagementClient;

	// This will make an Authentication API call
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret
  });

	await management.users.assignRoles(
		{ id: event.user.user_id }, 
		{ roles: [event.secrets.roleId]}, 
		(error) => {
			if (error) {
        console.log(error);
			}
		}
	);
};

This worked for a test, but when running on a signup, the event.user.user_id is blank. To my knowledge, I can’t call the Management API to update a user without the user’s id.

Per some of the discussion here, I also tried the post-login flow.

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count !== 1) {
    return;
  }

  const ManagementClient = require('auth0').ManagementClient;

  const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret
  });

  const params = { id : event.user.user_id };
  const data = { "roles" : [event.secrets.roleId] };

  try {
    await management.assignRolestoUser(params, data);
  } catch (e) {
    console.log(e);
    // Handle error
  }
};

This also worked in a test, but when I did a signup with it deployed into the flow, this didn’t even run for a passwordless login.

What am I missing here? My company’s use of the Auth0 product depends on this flow working. Is there a way to do this?

Hi @bkease,

Welcome to the Auth0 Community!

Yes, it is recommended to use the Post-Login Flow for this case.

After reviewing your code snippet in your Post Login action script, I noticed that you are using the outdated method to assign roles to a user, specifically management.assignRolestoUser.

The correct method now for assigning roles to a user is management.users.assignRoles(), just as you did in your Post-User Registration Action script.

(Reference: UsersManager | auth0)

Could you please give that a try and let me know how it goes for you?

Thanks,
Rueben

Thanks for the response! As I mentioned, the post-login flow is not running for me with the passwordless email login. The post-registration flow always runs, but the post-login flow never does.

Hi @bkease,

Thanks for the reply.

Have you made sure that your Post-Login Action script was attached to the flow?

If so, you could include console.log() statements and monitor the logs using the Real-time Webtask Logs Extension.

Cheers,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.