How to access the `tenantid` property on a `User` in an Auth0 action

Hi!

Some of our users authenticates with Azure AD, and we currently have a rule that sets a custom azure_ad_tenant_id claim on the id and access tokens so that the we know which Azure AD tenant the user belongs to by doing:

context.idToken["azure_ad_tenant_id"] = user.tenantid;

As migrating from rules to actions is recommended I tried to create a similar action, but I’m unable to access the tenantid property on the User. When trying to access event.user.tenantid. I get the following error message:

Property 'tenantid' does not exist on type 'User & { multifactor?: string[] | undefined; } & { identities: UserIdentity[]; }'.(2339)

When inspecting the raw JSON on a user I see that it has the tenantid property set.

So the question becomes: how can I access the tenantid property on a User in an Auth0 action?

Hi @oystein-beaufort,

Welcome to the Auth0 Community!

I understand that you have encountered issues when setting the Microsoft Azure AD tenantid claim with Actions.

First, could you please clarify if doing something like console.log(event.user) at the top of your Action script can produce the user object with the tenantid property in the response?

And could you also please confirm if your Rules contains a value when you use the user.tenantid and works as expected?

Note that the User object in Actions and Rules should allow you to retrieve any of the User Profile Attributes, which normally does not include the tenantid property.

Looking forward to your response.

Thank you.

Hi, @rueben.tiow !

The Rule works well. It gets the tenantid from the user and sets it as a custom claim on the JWT.

I’ve tested to add tenantid to the user object in the Action test data, and when logging the user, the tenantid is also logged. But I get aTypeScript-error saying the property does not exist (see image below). Could there be an issue/bug with the property erroneously missing from the user Interface/type? I’d like to avoid using // @ts-ignore in my code if possible, so it would be great if you could fix that in that case!

Thanks

Hi @oystein-beaufort,

My apologies for the late reply!

I have reviewed your screenshot and found you are calling the event.user.tenantid property which does not exist. Instead, you’ll want to call the event.tenant.id to get the Tenant ID.

If you have a moment, please take a look at the Actions Triggers: post-login - Event Object documentation that lists all the event object properties.

Please let me know if there’s anything else I can do to help.

Thank you.

Hi again!

Thanks for your reply, @rueben.tiow , but I don’t think that solves my problem.

I just tested this, but I don’t think event.tenant.id in Actions is the the same as event.user.tenantid in Rules. It seems like event.tenant.id is the Auth0 tenant ID, but what I want to access is the Azure AD tenant ID the user uses to log in with, which in Rules can be accessed via event.user.tenantid.

How can I access the Azure AD tenant id in Actions?

Best regards,
Øystein

Hi @oystein-beaufort,

Thank you for your response and clarification.

I’d like to preface that some of the functionality found in Rules may not be entirely available in Actions yet, but will before the end of life of Rules.

In this scenario, it may be worth trying the event.user.tenantid property in Actions and seeing if it produces any values.

If not, please let me know, and I’ll pass this information along to our Engineers to see if they could fulfill this request sooner.

Looking forward to hearing back on whether this works.

Thank you.

Hi again, @rueben.tiow

I tried to use the event.user.tenantid property (with // @ts-ignore) in my action, but it didn’t work, so I still need to use rules for this case/property.

I’d very much appreciate it if you could notify me when this property is available in actions! :slight_smile:

Thanks

Hi @oystein-beaufort,

Thanks for testing and checking.

I will pass along this information to our Engineers, and hopefully, they will include this compatibility into Actions earlier than scheduled.

I will keep you updated and in the loop on this feature.

Thank you!

Thanks, @rueben.tiow, I appreciate it! :slight_smile:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.