Using the Management API in Actions

Knowledge Articles

stephanie.chamblee June 23, 2021, 4:40pm 1

Last Updated: Oct 28, 2024

Overview

This article details how to call the Management API in Actions.

Applies To

Management API
Actions

Solution

Please see the below video.

There are plans to expand functionality in Actions even more in the future. Currently, the only built-in method for using the Management API from within Actions is for updating user metadata. Use the api object to update user metadata in a pre-user-registration 27 or post-login action 50:

api.user.setUserMetadata(name, value)
api.user.setAppMetadata(name, value)

If using the Management API for something other than updating metadata, create and authorize a machine-to-machine application 54 for the Action (see steps below).

NOTE: For making updates to the user, it’s recommended not to use a post-user-registration action. Instead, consider using a post-login action (FAQ 63).

Steps for using the Management API in a custom Action:

Create a Machine-Machine Application for the Action:
Authorize it to use the Management API with the required scopes:
Store the application’s credentials in the Action’s event.secrets object:
Find the domain, client ID, and client secret in the application settings of the app created in step 1.
Add the auth0 npm module:
Initialize and use the Management API in the Action:
This post-login Action example adds a default role to the user when they first log in.

exports.onExecutePostLogin = async (event, api) => {
  if (event.stats.logins_count !== 1) {
    return;
  }

  const ManagementClient = require('auth0').ManagementClient;

  const management = new ManagementClient({
      domain: event.secrets.domain,
      clientId: event.secrets.clientId,
      clientSecret: event.secrets.clientSecret,
  });

  const params =  { id : event.user.user_id};
  const data = { "roles" : ["ROLE_ID"]};

  try {
    const res = await management.users.assignRoles(params, data)
  } catch (e) {
    console.log(e)
    // Handle error
  }
};

Related References

How to Use the Management API Auth0 Actions Community Post

9 Likes

Management API in actions

Calling Auth0 API inside Actions

Accesing metadata

Event.User with missing properties executing an Auth0 custom action

Auth0 - Inviting Users & Forgot Password collision

Getting User Permissions During Login Action for Native or SPA

Accessing user_metadata in Auth0 Action

How to Add Roles and Permissions to the ID Token Using Actions

How to send verification email if un-verified login attempted?

Post-user-registration action not triggered after manage API createUser

Update User Metadata from actions or hooks onExecutePostChangePassword flow

Best practice for getting client-side permissions in an SPA

ManagementClient and secrets with cli deployment

Last login date for separate applications in tenant

Updating User Profile from Actions

What's best practice for managing users, roles and permissions in a web app?

setAppMetadata changes in post-login hook not persisted when calling api.access.deny

Efficiently getting full organizations membership for a user

What is the options(client_id,secret) to send to make an api call, in action after post login (onExecutePostLogin)?

Management API returns 401 from quickstart sample

Has anyone seen this error

Create Organization for user on post-login action

Adding user roles to users received from the management APIs

Google workspace groups seemingly unavailable in `onExecutePostLogin`

AuthApiError: Grant type 'client_credentials' not allowed for the client

How can I use `api.user` in a post change password action?

Is there a way to add a Social Login user to a role or org before they sign in the first time?

Actions: How do I *set* an event.user.nickname?

Assigning a Default Role to Users on Sign-Up with Auth0 Actions

How to get identities access_token inside an Action

Actions: How to organize multiple add claims to different apps

My action code seems not to be executed

Adding role on first login using Actions

Logins_count is undefined

Post User Registration Action - Module Not Found

Assigning role to a user on first signup through Action

Assigning default role to a new user post registration or post login not working

Action Backend Call Connection Refused

See the roles of users in the accestoken

Action for Pre User Registration

How can I know if MFA is enabled on my app and which factors are enabled using actions?

Send a Verification Email from a Post-Login Action

Remove Admin Block After Password Reset

How to add roles for user while user registration form angular

Stop Gmail/Ms account with a certain domain from registering or logging in

Automatically Resend Verification Email Upon Login when Link Expires

Conver auth0-account-link-extensions to action

Custom Workaround to Account Linking with Action

Adding custom claims in post-login Action when refreshing token

Update User Metadata from Within a Post Change Password Action

Attribute mapping, after Sign in with Apple

Post User Registration user does not have user.name property

Stop Verification Email from Sending for Certain Applications

Mapping Roles from Salesforce to Auth0

Revoke Refresh Tokens when a User Changes or Reset Password after Account Compromise

Enforce Email Verification by Sending the Email Verification after Each Denied Access

auth0.users.updateAppMetadata() in action

Event.user.groups is not listing all the groups in auth0 actions

Migrating account linking from actions to rule

Auth0 Community Response Videos

Enrich user object with user profile attributes in auth0 Actions

Get app_metadata Stored In Auth0 using Social Connection

Admin Special access

Vue Assign custom roles on creation?

Post user registration action does not trigger

How do I check if a user exists in a different connection, when in action script?

How to add user permissions to ID token

What is the options(client_id,secret) to send to make an api call, in action after post login (onExecutePostLogin)?

Rule migration to Actions: adding properties to event.user. Possible?

How to assign "admin" role, when new user signs up?

Setting temporary password on the server-side, user prompted to reset password upon login w/ temp password

Editing root data on post login action

Revoke refresh tokens after password change

Calling Auth0 API inside Actions

TCPWrapper error during axios inside Auth0 post login action

Permission claim empty if logging on using Organization

Adding role to new user with email domain IF email is verified

Client credentials missing from custom action

How to prevent user-password when user is already registered via passwordless

Adding roles to users post-registration using actions

Under what conditions is `event.transaction (optional)` part of the event?

Set role on sign-up that doesn't change

context.connectionOptions in Actions

Assign roles to Regular Web App in an action

Automatically assign roles to federated OIDC users

Migrating users from one tenant to another

Okta Workforce Entreprise SSO Groups

exports.onExecutePostLogin - event.organization null

Add user to organization from email domain

How to disallow a user to with a same email access another mode of authentication

Topic		Replies	Views
Using the management API in flow actions Help auth0 , actions	6	8025	April 24, 2021
setAppMetadata changes in post-login hook not persisted when calling api.access.deny Knowledge Articles post-login , setappmetadata , api-access-deny	1	1043	May 10, 2023
Custom Workaround to Account Linking with Action Knowledge Articles	1	608	October 3, 2023
Management API in actions Help actions	4	4933	October 11, 2021
ManagementClient and secrets with cli deployment Help management-api , actions-management-api	6	1157	April 26, 2024