Hi,
I would like to pre-defined roles to some users based on the email list I have, so that whenever that person register an account it would automatically assigned to a role if their email match with one of my email list.
I’m using Authorization Extension to manage roles. Can anyone help me how to do this?
Cheers,
Andre
Can anyone help regarding this topic please?
I tried using rules to call authorization extension API to add user to a role, the problem with this method is that user who just register will not immediately get the access, instead the role will only appear after the 2nd login.
I also tried using hooks, I tried both post-registration and pre-registration.
For post registration, I don’t know why but my script to use the authorization extension API seems not executed properly. I can see from the log the it is indeed calling the API to assign the role to the user, but the user permission is not updated.
For pre registration, I can’t use it because in pre-registration script user_id does not exist, and this is needed for calling auth extension API for adding user to roles.
1 Like
I encountered same issue, any solution to that?
But instead of using rules. I was using action in onExecutePostLogin. I get log saids:
Which in first login that happens right after user signup, it failed. (although Assign roles to a user is happen before login fail, my guess will be it uses the old token with no role to attempt the login)Then If I try login again, it will work since the role is assigned. I guess there’s some state missmatch, I want to know if there’s solution to address this so use can login right after they signup
exports.onExecutePostLogin = async (event, api) => {
event.user.app_metadata = event.user.app_metadata || {};
if (event.user.app_metadata.INITIAL_ROLE_ASSIGNED) return;
// Do initial signup stuff (role assignment) here
const ManagementClient = require('auth0').ManagementClient;
const management = new ManagementClient({
domain: event.secrets.domain,
clientId: event.secrets.client_id,
clientSecret: event.secrets.client_secret,
});
const params = { id : event.user.user_id};
const all_application_access_role = { "roles" : ["rol_3x1T5kuIDdkKQJQu"]};
try {
// if user email end with @****.com, assign all application access
if (event.user.email && event.user.email.endsWith("@****.com")) {
const res = await management.assignRolestoUser(params, all_application_access_role)
}
} catch (e) {
console.log(e)
}
api.user.setAppMetadata('INITIAL_ROLE_ASSIGNED', true);
};