Failure adding permissions to a user if signing via Google Oauth

Help
,
1

Hi I’m encountering an issue where if a user signs in via google oauth they are not assigned a role but if they login via username-password they are assigned the role. I created a post user login action where they should be assigned the role after login. This only works when it’s a username-password authentication. Shouldn’t the code below apply to all authentications.

exports.onExecutePostUserRegistration= async (event, api) => {

  const ManagementClient = require("auth0").ManagementClient;

  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
    scope: 'update:roles'
  });

  const adminRole = { id :'SOME_ROLE'};
  var data = { "users" : [ event.user.user_id ]};

  try {
    await management.roles.assignUsers(adminRole, data);
  } catch (e) {
    console.log(e);
  }
 
};

I would appreciate some help.

3

Hi @nick25,

Welcome to the Auth0 Community!

Unfortunately, the Post-User Registration Action flow only runs after a user is added to a Database or Passwordless Connection. (Reference: Post User Registration Flow)

Since Google is a Social Connection, we recommend using a Post-Login Action to add permissions to a Social Connection user.

For your convenience, I have updated your code snippet:

exports.onExecutePostUserRegistration= async (event, api) => {
  if (event.stats.logins_count !== 1) {
    return;
  }
  const ManagementClient = require("auth0").ManagementClient;

  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
    scope: 'update:roles'
  });

  const adminRole = { id :'SOME_ROLE'};
  var data = { "users" : [ event.user.user_id ]};

  try {
    await management.roles.assignUsers(adminRole, data);
  } catch (e) {
    console.log(e);
  }
 
};

Please let me know if you have any questions.

Thanks,
Rueben

4

Thanks @rueben.tiow. Could you please elaborate on this modification? What’s the purpose of validating if the login count isn’t 1.

 if (event.stats.logins_count !== 1) {
     return;
 }

Also I tried what you mentioned but still fails to update the user with the role:

exports.onExecutePostLogin = async (event, api) => {
  const { user } = event;

  if (user.identities && user.identities.length > 0) {
    const googleIdentity = user.identities.find(identity => identity.provider === 'google-oauth2');

    if (googleIdentity) {
      const ManagementClient = require("auth0").ManagementClient;
      const management = new ManagementClient({
        domain: event.secrets.domain,
        clientId: event.secrets.clientId,
        clientSecret: event.secrets.clientSecret,
        scope: 'update:roles'
        });
      
      const adminRole = { id :'SOME_ROLE};
      var data = { "users" : [ user.user_id ]};
      
      try {
        await management.roles.assignUsers(adminRole, data);
        } catch (e) {
          console.log(e);
        }
      }
    }

};

Am I missing or doing something wrong here?

5

Hi @nick25,

Thank you for your response.

Sure, I would be happy to explain.

We are checking the condition if logins_count does not equal 1, because we want the script to execute only when logins_count does equal 1, indicating that the user has just signed up.

Take note that when a user completes the sign-up process, they are automatically logged in, which increments their logins_count by 1.

Circling back, could you please clarify if you are encountering any errors with your Action script or if the role is just not being updated?

And have you tried using the Actions built-in debugger to check if the code is being executed? You can add console.log statements to verify if the code is running as expected.

I look forward to your reply.

Thanks,
Rueben

6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.