Check if User has Exiting Roles

jacques.bronkhorst · December 7, 2017, 7:54am

I need to check if a user has existing roles.

My Current Rule adds a role “new” if the users login count < 2. I need to extend this to check if the user has been assigned any roles that where created with the management API.

function (user, context, callback) {
user.app_metadata = user.app_metadata || {};
      if (context.stats.loginsCount < 2)
    {
  // You can add a Role based on what you want
  // In this case I check domain
  var addRolesToUser = function(user, cb) {

       cb(null, 'new']);
    };
  addRolesToUser(user, function(err, roles) {
    if (err) {
      callback(err);
    } else {
      user.app_metadata.roles = roles;
      auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
        .then(function(){
          context.idToken'https://syntrack.net/roles'] = user.app_metadata.roles;
          callback(null, user, context);
        })
        .catch(function(err){
          callback(err);
        });
    }
  });
}
   callback(null, user, context);
    }

So would something like this work?

  if (context.stats.loginsCount < 2)
    { 
        if(user.app_metadata.roles === undefined)
       {
             //add the [new] role
       }
   }
callback(null, user, context);

jmangelo · December 7, 2017, 6:01pm

It depends; the recommended implementation would require knowing all the exact details.

For example, assuming that:

an end-user may or may not have roles defined in app_metadata.roles and if they have then it’s an array of roles.
you want to augment those roles in rules with other roles, but these other roles don’t need to be persisted to metadata as they are only relevant in responses that go through rules.

Then the following simplified rule could do the trick:

function (user, context, callback) {
  var roles = user.app_metadata.roles || ];

  if (context.stats.loginsCount < 2) { roles.push("new"); }

  // do other stuf that can add roles

  // add roles to the response (ID token or access token; assuming OIDC/OAuth2)
  
  callback(null, user, context);
}

jacques.bronkhorst · December 7, 2017, 6:07pm

@jmangelo How would I go about checking if the user does not have existing roles and Login count < 2?

if (context.stats.loginsCount < 2 && roles.length === 0) { roles.push("new"); }

Would that work?

jmangelo · December 7, 2017, 11:50pm

Assuming the sample rule in the answer with the roles = user.app_metadata.roles || ] logic then your suggested change should work, because complete lack of roles (never assigned) or empty roles would always result in an empty array which would satisfy the roles.length === 0 check you added.

jacques.bronkhorst · December 8, 2017, 12:26am

@jmangelo You SIR are a scholar and a gentleman!

Topic		Replies	Views
Assign role to new created user after signup Help auth0	0	1407	September 16, 2022
My rule only give a role on the second login Help	4	2314	January 21, 2021
Assing default role upon login only if not yet assigned a role by the admin Help	5	1801	November 26, 2021
How to add user role to a user during their login Help rules , app_metadata , metadata , roles	2	5389	March 2, 2018
Assign Roles to users using Rules Help rbac	14	16095	March 14, 2020

Check if User has Exiting Roles

Related topics