Create organization membership for existing users in custom DB

Hi,
I am working on a multi-tenant application that uses Auth0 organizations.

The Auth0 application is configured with a custom database connection so the users live and are managed by our application and are not imported into an Auth0 DB.

Our application database contains existing users that have not been created via the custom database connection.

We want all users to be able to log in to the application via a common URL, e.g. example.com irrespective of which organization the users belong to. If a user belongs to a single organization, Auth0 should log them in to this organization - this works fine. If a user belongs to multiple organizations, Auth0 should let the user choose which organization they want to log in to - this also works fine. The problem arises for existing users in our database that do not have any organization membership set up. I am looking for a way to automatically assign these users to an organization based on metadata that we store in the application database.

Note that the auto-membership feature of Auth0 is not applicable in my case because it would require users to specify the organization before logging in - something we don’t want.

I have tried 2 approaches to do this:

  1. I tried to use a post-login action in Auth0 to set up the membership for a user using a call to our own backend for retrieving the relevant metadata, and a subsequent call to the Auth0 management API for establishing organization membership. However, I discovered that the post-login script is not even invoked by Auth0 if a user without existing organization membership attempts to log in. So this doesn’t seem to work.

  2. I tried to create a batch job in our application that would create the initial organization memberships for existing users using the Auth0 management API. But for creating the membership I need an Auth0 user id. The problem I am facing here is that I cannot seem to get the user representation in Auth0 set up for the existing users. I tried both the create user endpoint and the users imports endpoint.

The create user endpoint attempts to create the user via the custom database script. However, since the user already exists in our database the get user script will return it and the user creation will fail and no user representation will be created.

The users imports endpoint fails with “Custom Database Connections without import mode are not allowed.” This suggests to me that it is not intended to be used for my purpose.

After trying all this I feel stuck. What is the recommended approach to achieve what I want to do? Maybe there is a better way that I don’t know of?

Thank you!

@moritz.becker ,
Did you find any solutions to this issue? We are trying to solve a similar problem where the user data exists on our application DB and need multi-tenancy on the application. Let me know if you have found anything.

Harsha