Fetch/sync custom DB user via Mgmt API?

custom-database

#1

Is there a way via the management API for me to trigger a custom DB behavior/scripts, like get_user.js?

Context: we allow users to log on via social connections, and use https://github.com/auth0/rules/blob/master/src/rules/link-users-by-email.js to link them to a database user, if they have one.

In the case that this is an existing user in my custom DB connection backend, but they haven’t logged in with user/password yet (because they’ve only used the social auth button!), then they won’t yet show up in the Auth0 user database … and therefore I cannot link them.

Expected behavior is that the user will fetch/sync when I search by email over the management API, and then I can link them. This is important to us because their existing account has valuable metadata (like their username!), and I want to make sure it is their primary identity in Auth0 if they have one.

v2/users-by-email will not find them (it does NOT trigger get_user.js custom DB script to search emails). From my rule, I can search my custom DB directly and find the same email and their username … then I still don’t know how to get the user into Auth0 for linking. I can’t create the user over the management API, because that would trigger a create.js script, which would fail (they already HAVE an account in the custom DB).

My best guess is I could set up a resource owner password grant, which I hit with the username/email and a bogus password, just to get Auth0 to fetch/sync the account (I don’t know the user’s actual password, of course). But I think this might get the Auth0 webtask IP(s) blacklisted :stuck_out_tongue:

Has anyone else run into this and found a solution? Is there something in the Auth0 Management API to search/sync from the custom DB on the fly that I’m missing?


#2

Hello @emsearcy,

I don’t think there is anything in the API that you can use, but you may be able to use a rule or a hook to do what you want to do. We use a hook to reach into our legacy LDAP database to prevent new signups from picking a username that already belongs to an as-yet un-migrated user.


#3

Thanks for your response. We’ve got lots of rules … the challenge is how I do this in a rule if there is no interface for it. Somebody logs in with a social provider, and from my rule I see that the validated social email matches a validated email in LDAP (our custom DB connects to our LDAP, btw). But if Auth0 doesn’t have an identity/record for that DB connection user because they haven’t attempted a password login yet, from the rule I somehow need to nudge Auth0 into syncing this DB account (so that I can link them).


#4

I’m probably not understanding your use case so my apologies if I am way off base here. It sounds like you have looked the user up in your LDAP directory and found them. There may be performance implications with this solution but you could possibly create the user in Auth0 yourself (you may need to delete them from LDAP before you try to create them in Auth0), and then link the FB account to the newly created Auth0 database account. Everything you need should be available via the auth0 and ldap node.js modules.
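
The decision the rule in posts #1 and #3 has to make, as an added example that is not code from the thread or from Auth0: a pure function that returns whether to link, whether the database account still needs to be synced into Auth0, or whether to skip. The `ldapRecord` shape, the `dbConnection` parameter and all sample values are assumptions; the link body follows the Management API link-identities call that the linked rule uses.

```javascript
'use strict';
// Added example (hypothetical helper, not Auth0's or the poster's code).
const norm = (e) => (typeof e === 'string' ? e.trim().toLowerCase() : '');

// socialUser:   profile the rule receives for the social login
// ldapRecord:   result of the rule's own backend lookup, or null (assumed shape)
// auth0Matches: users returned by v2/users-by-email for the same address
// dbConnection: name of the custom DB connection (assumed parameter)
function planLink(socialUser, ldapRecord, auth0Matches, dbConnection) {
  const email = norm(socialUser.email);
  // Never link on an address the social provider has not verified.
  if (!email || socialUser.email_verified !== true) {
    return { action: 'skip', reason: 'social email not verified' };
  }
  // DB-connection users Auth0 already knows with the same verified email.
  const dbUsers = auth0Matches.filter((u) =>
    u.user_id !== socialUser.user_id &&
    u.email_verified === true &&
    norm(u.email) === email &&
    (u.identities || []).some((i) => i.connection === dbConnection));
  if (dbUsers.length > 1) {
    return { action: 'skip', reason: 'more than one DB user matches' };
  }
  if (dbUsers.length === 1) {
    const id = socialUser.identities[0];
    return {
      action: 'link',
      primary: dbUsers[0].user_id, // the DB account stays the primary identity
      // body for POST /api/v2/users/{primary}/identities
      body: { provider: id.provider, user_id: String(id.user_id) },
    };
  }
  // The gap from the thread: the backend has the account, Auth0 does not yet.
  if (ldapRecord && ldapRecord.email_verified === true &&
      norm(ldapRecord.email) === email) {
    return { action: 'needs-sync', username: ldapRecord.username };
  }
  return { action: 'none' };
}

// Constructed sample data.
const social = { user_id: 'google-oauth2|1001', email: 'Ann@Example.com',
  email_verified: true,
  identities: [{ provider: 'google-oauth2', user_id: '1001', connection: 'google-oauth2' }] };
const ldap = { username: 'ann', email: 'ann@example.com', email_verified: true };
console.log(planLink(social, ldap, [], 'legacy-ldap')); // backend-only account
```
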