First login doesn't include permissions using post login action

alin.tatu · September 27, 2023, 12:09pm

Hello,

I saw this situation happening through the forum but I couldn’t find an appropriate solution to my problem.

I have an action that assign user role after the first login.

exports.onExecutePostLogin = async (event, api) => {
    if (event.stats.logins_count !== 1) {
        return;
    }

    const ManagementClient = require('auth0').ManagementClient;

    var management = new ManagementClient({
        domain: 'MY_DOMAIN',
        clientId: 'MY_MANGEMENT_CLIENT_ID',
        clientSecret: event.secrets.CLIENT_SECRET,
        scope: 'read:roles update:roles',
        audience: 'MY_AUDIENCE'
    });

    const params = {
        id: event.user.user_id
    };
    const data = {
        "roles": ['MY_ROLE']
    };
    if (event.client.client_id === "MY_CLIENT_ID") {
        management.users.assignRoles(params, data, (err, user) => {
            if (err) {
                console.log(err.message);
            } else {
                console.log('user role assigned');
            }
        });
    }
};

Now this successfully assign the role to the user.
But on client side just after the login is performed a HTTP request is made to get the oAuth token to https://MY_DOMAIN.eu.auth0.com/oauth/token .

This token doesn’t have any permissions:

{
  "iss": "https://MY_DOMAIN.eu.auth0.com/",
  "sub": "google-oauth2|117559359790633501933",
  "aud": [
    "https://MY_AUDIENCE/",
  ],
  "iat": 1695811096,
  "exp": 1695897496,
  "azp": "yIKsGOF4X2tXr0noeTj2J9uSBcmWn8jF",
  "scope": "openid profile email offline_access",
  "permissions": [
  ]
}

But if I try to login again it will have the permissions.

How can I have the permission in the first login token response?

ty.frith · September 28, 2023, 10:16pm

Hey there @alin.tatu welcome to the community!

Thanks for the detailed description of the issue

That’s odd those permissions aren’t coming through - I am using the same Action code and registering a google-oauth2 user and I can’t seem to reproduce this That is, the permissions are present in the access token as expected. Does this happen consistently? Are the permissions ever available?

One option/workaround is to force silent auth which would then add the permissions if they aren’t available already. Important to note, you would need to set cacheMode: 'off' in get getTokenSilentlyOptions in auth0-react for example.

alin.tatu · October 9, 2023, 3:27pm

Hi @ty.frith thanks for you answer, and sorry for the late reply.

The permissions are present only after the 2nd login, or using the refresh_token to get a new token.
But I wonder why they are not present on the access_token I get just after the 1st login?

I would prefer not to go with the silent auth methods as it will complicate my workflow.

system · November 14, 2023, 1:42am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
After applying a Role to a User using a Rule at signup (first login), the permissions are not in the user's access token Get Help rules	5	7079	January 9, 2020
How do I add a default role & permissions to a user? Get Help rules , rbac	5	5406	February 3, 2021
Automatically adding permissions to JWT on first login Get Help	3	3128	April 21, 2020
Assigning roles not working on first login Get Help rules , roles , login , rbac	3	2381	December 1, 2021
First time login missing permissions in the access token JWT.io jwt , login	4	4122	November 1, 2022

First login doesn't include permissions using post login action

Related topics