Hi @lpcarignan,
(You are probably aware of this, but to clarify for others) The Post-Registration Hook will only run after creating a user in a database connection. In other words, if a user signs up via a social or enterprise connection, the script will not run.
Another thing to consider is that the Post-Registration extensibility point is non-blocking (asynchronous), so if you have anything else in the auth pipeline that depends on the roles being assigned, you might run into a race condition (not very likely, but possible). Rules generally run in the order in which you configure them, so there is a bit more control.
Also, in Rules you will have the `auth0` object available which allows you to interact easily with the Management API:

```js
var ManagementClient = require('auth0@2.9.1').ManagementClient;
var management = new ManagementClient({
  token: auth0.accessToken, // <-- Access Token already available
  domain: auth0.domain // <-- Domain
});
```
You can do this in a Post-Registration Hook. Still, unless there is a strong reason to assign roles in Hooks (i.e., you are manually creating users in a database and need the users to have roles before they actually log in), it is usually more convenient and covers more user sign-up scenarios to use a Rule.
Here is how you can assign roles via the Post-Registration Hook:
- Create a new Machine-to-Machine (M2M) application for the Hook. Authorize it to use the Management API and give it the `update:roles` and `create:role_members` scopes. You’ll need the domain, Client ID, and Client Secret for the next step.
- Create a Post Registration Hook and click on the pencil icon to begin editing it. Click on the wrench on the editor’s top left and click “secrets” to store your M2M application Client ID and Client Secret.
- Click on the wrench at the top left of the editor again and click “NPM Modules”, click “Add Module” and search for `auth0` and `axios` (or whichever request client you like) and add them.
- Add the following Hook and save. Replace the role ID and the tenant domain vars. Back in the Hooks settings, make sure that this hook is enabled.

```js
module.exports = async function (user, context, cb) {
  const ManagementClient = require('auth0').ManagementClient;
  const axios = require('axios');

  const domain = 'YOUR_TENANT_DOMAIN';
  // M2M credentials come from the Hook's secrets store, not from the source.
  const client_id = context.webtask.secrets.HOOK_CLIENT_ID;
  const client_secret = context.webtask.secrets.HOOK_CLIENT_SECRET;
  const url = `https://${domain}/oauth/token`;
  const audience = `https://${domain}/api/v2/`;
  const role = 'YOUR_ROLE_ID';

  try {
    // Exchange the M2M credentials for a Management API access token.
    const response = await axios.post(url, {
      client_id,
      client_secret,
      audience,
      grant_type: 'client_credentials'
    });
    // Do not log the token: it is a bearer credential for the Management API.
    const token = response.data.access_token;

    const management = new ManagementClient({ token, domain, audience });
    // Database-connection users get the "auth0|" prefix on their user ID.
    const params = { id: `auth0|${user.id}` };
    const data = { roles: [role] };

    management.users.assignRoles(params, data, function (err) {
      if (err) {
        // Report the failure instead of falling through to "success".
        console.error(err);
        return cb(err);
      }
      console.log('success');
      cb(null, user, context);
    });
  } catch (err) {
    // Token request failed; still invoke the callback so the Hook completes.
    console.error(err);
    cb(err);
  }
};
```

When a user signs up with a database connection, they will have the default role.
Here is an FAQ for the Rule route: How do I add a default role to a new user on first login?
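
A sketch of the Rule route recommended above, added here as an example and not part of the original post or Auth0's FAQ: it assigns the role on first login for any connection type and fails the login if the assignment fails, so later pipeline steps never run without the role. `makeDefaultRoleRule`, `fakeManagement`, `runRule` and the sample user ID are hypothetical names and constructed data; the Management client is injected so the block runs offline, and is assumed to expose the same `users.assignRoles` call the Hook uses.

```javascript
// Added example: helper names and sample data are hypothetical/constructed.
const DEFAULT_ROLE_ID = 'YOUR_ROLE_ID'; // placeholder, as in the Hook above

// Builds a Rule-shaped function (user, context, callback). `getManagement`
// returns a Management API client; inside a real Rule it would be built from
// auth0.accessToken and auth0.domain as shown earlier in the post.
function makeDefaultRoleRule(getManagement, roleId) {
  return function defaultRoleRule(user, context, callback) {
    const logins = (context.stats && context.stats.loginsCount) || 0;
    // Only the first login needs the default role; later logins pass through.
    if (logins > 1) {
      return callback(null, user, context);
    }
    const params = { id: user.user_id }; // already prefixed, e.g. "google-oauth2|..."
    const data = { roles: [roleId] };
    getManagement().users.assignRoles(params, data, function (err) {
      if (err) {
        // Rules are blocking: fail the login rather than continue role-less.
        return callback(err);
      }
      callback(null, user, context);
    });
  };
}

// Constructed stand-in for the Management client (records calls, can fail).
function fakeManagement(calls, failWith) {
  return { users: { assignRoles(params, data, cb) {
    calls.push({ params, data });
    cb(failWith || null);
  } } };
}

// Runs the rule once against a constructed social-connection user.
function runRule(loginsCount, failWith) {
  const calls = [];
  const rule = makeDefaultRoleRule(() => fakeManagement(calls, failWith), DEFAULT_ROLE_ID);
  const user = { user_id: 'google-oauth2|constructed-123' };
  let result = null;
  rule(user, { stats: { loginsCount } }, (err, u) => {
    result = { err: err || null, user: u || null };
  });
  return { calls, result };
}
```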