How to access the `tenantid` property on a `User` in an Auth0 action

Hi!

Some of our users authenticates with Azure AD, and we currently have a rule that sets a custom azure_ad_tenant_id claim on the id and access tokens so that the we know which Azure AD tenant the user belongs to by doing:

context.idToken["azure_ad_tenant_id"] = user.tenantid;

As migrating from rules to actions is recommended I tried to create a similar action, but I’m unable to access the tenantid property on the User. When trying to access event.user.tenantid. I get the following error message:

Property 'tenantid' does not exist on type 'User & { multifactor?: string[] | undefined; } & { identities: UserIdentity[]; }'.(2339)

When inspecting the raw JSON on a user I see that it has the tenantid property set.

So the question becomes: how can I access the tenantid property on a User in an Auth0 action?

Hi @oystein-beaufort,

Welcome to the Auth0 Community!

I understand that you have encountered issues when setting the Microsoft Azure AD tenantid claim with Actions.

First, could you please clarify if doing something like console.log(event.user) at the top of your Action script can produce the user object with the tenantid property in the response?

And could you also please confirm if your Rules contains a value when you use the user.tenantid and works as expected?

Note that the User object in Actions and Rules should allow you to retrieve any of the User Profile Attributes, which normally does not include the tenantid property.

Looking forward to your response.

Thank you.

Hi, @rueben.tiow !

The Rule works well. It gets the tenantid from the user and sets it as a custom claim on the JWT.

I’ve tested to add tenantid to the user object in the Action test data, and when logging the user, the tenantid is also logged. But I get aTypeScript-error saying the property does not exist (see image below). Could there be an issue/bug with the property erroneously missing from the user Interface/type? I’d like to avoid using // @ts-ignore in my code if possible, so it would be great if you could fix that in that case!

Thanks