First login doesn't include permissions using post login action

alin.tatu · September 27, 2023, 12:09pm

Hello,

I saw this situation happening through the forum but I couldn’t find an appropriate solution to my problem.

I have an action that assign user role after the first login.

exports.onExecutePostLogin = async (event, api) => {
    if (event.stats.logins_count !== 1) {
        return;
    }

    const ManagementClient = require('auth0').ManagementClient;

    var management = new ManagementClient({
        domain: 'MY_DOMAIN',
        clientId: 'MY_MANGEMENT_CLIENT_ID',
        clientSecret: event.secrets.CLIENT_SECRET,
        scope: 'read:roles update:roles',
        audience: 'MY_AUDIENCE'
    });

    const params = {
        id: event.user.user_id
    };
    const data = {
        "roles": ['MY_ROLE']
    };
    if (event.client.client_id === "MY_CLIENT_ID") {
        management.users.assignRoles(params, data, (err, user) => {
            if (err) {
                console.log(err.message);
            } else {
                console.log('user role assigned');
            }
        });
    }
};

Now this successfully assign the role to the user.
But on client side just after the login is performed a HTTP request is made to get the oAuth token to https://MY_DOMAIN.eu.auth0.com/oauth/token .

This token doesn’t have any permissions:

{
  "iss": "https://MY_DOMAIN.eu.auth0.com/",
  "sub": "google-oauth2|117559359790633501933",
  "aud": [
    "https://MY_AUDIENCE/",
  ],
  "iat": 1695811096,
  "exp": 1695897496,
  "azp": "yIKsGOF4X2tXr0noeTj2J9uSBcmWn8jF",
  "scope": "openid profile email offline_access",
  "permissions": [
  ]
}

But if I try to login again it will have the permissions.

How can I have the permission in the first login token response?

tyf · September 28, 2023, 10:16pm

Hey there @alin.tatu welcome to the community!

Thanks for the detailed description of the issue

That’s odd those permissions aren’t coming through - I am using the same Action code and registering a google-oauth2 user and I can’t seem to reproduce this That is, the permissions are present in the access token as expected. Does this happen consistently? Are the permissions ever available?

One option/workaround is to force silent auth which would then add the permissions if they aren’t available already. Important to note, you would need to set cacheMode: 'off' in get getTokenSilentlyOptions in auth0-react for example.

alin.tatu · October 9, 2023, 3:27pm

Hi @tyf thanks for you answer, and sorry for the late reply.

The permissions are present only after the 2nd login, or using the refresh_token to get a new token.
But I wonder why they are not present on the access_token I get just after the 1st login?

I would prefer not to go with the silent auth methods as it will complicate my workflow.

system · November 14, 2023, 1:42am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to getPermissions in Post-Login Action Help management-api , users	2	771	December 22, 2023
How do I add permissions (not roles) using the actions? Help dashboard , admin-management	4	839	January 15, 2024
Assign permissions using Actions Post User Registration flow Help auth0	7	2717	January 8, 2024
I am unable to add the role which was added during the first login to the access token Help management-api , roles	3	866	June 12, 2024
Setting a user role in an action will not update the permissions in the access token Help	11	6804	January 8, 2024

First login doesn't include permissions using post login action

Related Topics