Get app_metadata Stored In Auth0 using Social Connection

I am sending a request, where I am returning the user’s app_metadata and using that information for the login process. When I use a social connection like Google, I don’t seem to get any app_metadata in the JWT. Is there a way to return this?

https://{mydomain}.auth0.com/authorize?audience=https://auth.{mydomain}&scope=openid%20profile%20read:users%20read:users_app_metadata%20offline_access&response_type=code&client_id={myid}&prompt=login

Hi @scottcp,

I have inspected the users on your tenant and found that your Google Connection user has nothing saved to their app_metadata while other users have items saved in their app_metadata.

That is why you have not been able to get the app_metadata in your access token, even though you have a Rule that appends the app_metadata to your access token as a custom claim.

With that, I recommend checking the Google Connection user profile and making sure it has data saved to the app_metadata.

Thanks,
Rueben

Hi Rueben,

Thanks for your response. Is it possible to use the app metadata from Auth0 rather than from the other social providers? It’s all going to be the same data so it seems like duplication to spread it across providers.

If I absolutely need to save the app metadata on each provider every time I add them, can you point me to the best way to do that?

Thanks,
Scott


I think I am really looking for a way to copy the app_metadata from the Username-Password-Authentication to the social logins when they are created. Is that possible to do?

Hi @scottcp,

Thanks for following up.

Yes, this is possible. For this to work, you could update the user’s metadata for Social Connections on their first login. Take note that whenever a user signs up, they are logged in immediately as well. Knowing this, you could write a Post-Login Action script that checks that the user’s connection is a social connection and that their logins_count is equal to 1 and then use the api.user.setUserMetadata(name, value) method in the Action to update the user’s metadata. (Reference: Actions Triggers: post-login - API Object)

Please let me know if you need help with implementation.

Thanks,
Rueben

Thanks, Rueben!
From what I can see, the first time a social connection is used it will create a social login. How will I be able to read the app_metadata from the user with the same email address who already has a Username-Password-Authentication? This is where I remain stuck.

Hi @scottcp,

You will have to use the Management API in the Action to make a call to the getUsersByEmail() method to get the user’s user_metadata with the same email address. Then save that information to the Social Connection user using the api.user.setUserMetadata(name, value) method.

It may be worth considering User Account Linking so that the user’s multiple profiles are consolidated as one.

Thanks,
Rueben

Thanks, those are some great suggestions. I’m having a little trouble getting the Management API into the Actions. Do you have any examples? I’ve tried code like this and I’m getting errors.

exports.onExecutePostLogin = async (event, api) => {
  const { MGMT_DOMAIN, MGMT_ID, MGMT_SECRET } = event.secrets;
  const ManagementClient = require('auth0').ManagementClient;
  var management = new ManagementClient({
    domain: MGMT_DOMAIN,
    clientId: MGMT_ID,
    clientSecret: MGMT_SECRET,
  });
  ManagementClient.auth0.getUsersByEmail(event.user.email, function (err, users) {
    api.accessToken.setCustomClaim(`hello world`, users);
  });
};

Hi @scottcp,

Thanks for the reply!

Yes, I have attached a link below on how to use the Management API in Actions:

Could you please give it a try and let me know how it goes for you?

Thanks,
Rueben
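
A post-login Action along the lines discussed in this thread, as an added example that is not part of the original posts and is not Auth0's own code. It assumes the `auth0` Node SDK release that exposes `getUsersByEmail()` (the method named above), uses `api.user.setAppMetadata` because the question concerns app_metadata, and copies data only when both profiles have a verified email, since matching on an unverified address would hand one user's app_metadata to whoever registers that address at a social provider. `CLAIM`, `makePostLogin`, `auth0Client` and `findSourceProfile` are hypothetical names.

```javascript
// Added example. Secret names (MGMT_DOMAIN, MGMT_ID, MGMT_SECRET) come from the
// thread; CLAIM and the injectable makeClient parameter are assumptions.
const CLAIM = 'https://example.com/app_metadata'; // hypothetical namespaced claim

// Real client factory; only runs inside an Action with the `auth0` dependency added.
function auth0Client(secrets) {
  const { ManagementClient } = require('auth0');
  return new ManagementClient({
    domain: secrets.MGMT_DOMAIN,
    clientId: secrets.MGMT_ID,
    clientSecret: secrets.MGMT_SECRET,
  });
}

// Pick a different profile with a verified email in the database connection.
function findSourceProfile(users, event) {
  return users.find((u) =>
    u.user_id !== event.user.user_id &&
    u.email_verified === true &&
    (u.identities || []).some((i) => i.connection === 'Username-Password-Authentication'));
}

function makePostLogin(makeClient = auth0Client) {
  return async (event, api) => {
    const isDatabase = event.connection.strategy === 'auth0';
    const firstLogin = event.stats.logins_count === 1;
    // An unverified email must never inherit another profile's app_metadata.
    if (isDatabase || !firstLogin || !event.user.email_verified) return null;

    // Awaited so the Action does not finish before the lookup returns.
    const users = await makeClient(event.secrets).getUsersByEmail(event.user.email);
    const source = findSourceProfile(users, event);
    if (!source || !source.app_metadata) return null;

    for (const [name, value] of Object.entries(source.app_metadata)) {
      api.user.setAppMetadata(name, value);
    }
    api.accessToken.setCustomClaim(CLAIM, source.app_metadata);
    return source.user_id; // Auth0 ignores the return value; it is here for testing
  };
}

if (typeof exports !== 'undefined') exports.onExecutePostLogin = makePostLogin();
```

The Machine-to-Machine application behind `MGMT_ID` needs only the `read:users` scope for this lookup; granting it more widens what a leaked Action secret can do.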
