How to get identities access_token inside an Action

sylvain.conti · October 18, 2022, 3:09pm

This page https://auth0.com/docs/authenticate/database-connections/custom-db/custom-database-connections-scripts/execution#identity-provider-tokens suggests that if I return an access_token and refresh_token in login custom script, the user profile will contains the linked identity.

I can’t find how I can retreive that information inside an Custom post-login action.
event.user.identities only contains basic connection fields:

{ connection: 'custom-backend', isSocial: false, provider: 'auth0', userId: 'custom|2000000|4', user_id: 'custom|2000000|4' }

sylvain.conti · October 18, 2022, 4:04pm

I manage to get it using the management API. But it seems overkill.
Even the test sample in action contains an access token :

"user": {
    "app_metadata": {},
    "created_at": "2022-10-18T15:29:04.063Z",
    "email_verified": true,
    "email": "j+smith@example.com",
    "family_name": "Smith",
    "given_name": "John",
    "identities": [
      {
        "connection": "Username-Password-Authentication",
        "isSocial": false,
        "provider": "auth0",
        "userId": "5f7c8ec7c33c6c004bbafe82",
        "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gU21pdGgiLCJpYXQiOjE1MTYyMzkwMjJ9.Q_w2AVguPRU2KskCXwR7ZHl09TQXEntfEA8Jj2_Jyew",
        "profileData": {},
        "user_id": "5f7c8ec7c33c6c004bbafe82"
      }

raunakdaga · June 11, 2023, 9:45pm

How did you actually get the access token of the user in an action? I am running into the same issue, and the code I’m using with the management API isn’t working.

Here it is.

try {
    const auth0Domain = 'MY AUTH0 DOMAIN';
    const auth0ManagementApiClientId = event.secrets.CLIENT_ID
    const auth0ManagementApiClientSecret = event.secrets.CLIENT_SECRET
    const userId = event.user.user_id;

    const response = await axios.post(
      `https://${auth0Domain}/oauth/token`,
      {
        grant_type: 'client_credentials',
        client_id: auth0ManagementApiClientId,
        client_secret: auth0ManagementApiClientSecret,
        audience: `https://${auth0Domain}/api/v2/`,
        scope: 'read:users',
        subject: userId,
      }
    );

    const accessToken = response.data.access_token;

    await axios.post('MY API URL', {
    }, {
      headers: {
        Authorization: `Bearer ${accessToken}`,
      },
    })

    console.log('Successfully called the API');

  } catch (error) {
    // Handle error response
    console.error('Error retrieving access token:', error);
  }

This code is succesful in getting A access token, but it’s not the same as the users, which I’ve verified by manually printing out the access token from this request and a valid request on the backend. So whos accces token is it, I don’t know??

Any help?

sylvain.conti · June 12, 2023, 5:54am

I only wanted to get the delegated access_token. You cannot access the actual auth0 token.

customautosys · November 11, 2023, 3:38am

Hi, facing same problem.

konrad.sopala · January 8, 2024, 1:10pm

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!