I have a post login action like so
exports.onExecutePostLogin = async (event, api) => {
const namespace = 'https://superurlcausewhynot.com';
const { MGMT_SECRET, MGMT_DOMAIN, MGMT_CLIENT_ID } = event.secrets;
const auth0 = require('auth0');
var managementClient = new auth0.ManagementClient({
domain: MGMT_DOMAIN,
clientId: MGMT_CLIENT_ID,
clientSecret: MGMT_SECRET,
});
const existingUserAccounts = await managementClient.getUsersByEmail(event.user.email)
let roles = []
if (event.authorization) {
roles = event.authorization.roles
}
if (existingUserAccounts.length === 2) {
const sorted = existingUserAccounts.sort((a,b) => new Date(a.created_at).getTime() - new Date(b.created_at).getTime());
const originalUser = sorted[0];
const newUser = sorted[1];
const provider = newUser.identities[0].provider;
const providerUserId = newUser.identities[0].user_id;
originalUser.identities = await managementClient.linkUsers(originalUser.user_id, {
provider: provider,
user_id: providerUserId
});
const assignedRoles = await managementClient.getUserRoles({id: originalUser.user_id})
roles = assignedRoles
event.user = originalUser
}
if (roles.length === 0 && event.user.email.endsWith("@superdomain.com")) {
await managementClient.assignRolestoUser({ id: event.user.user_id }, { roles: ['rol_uberAdmin']})
roles = ['rol_uberAdmin']
}
if (roles.length === 0 ){
return api.access.deny(`Access to ${event.client.name} is not allowed for users without a role assigned.`);
}
return {
...event
}
}
It merges the user from google if they were invited through direct email beforehand and assigns a role to the user if they are from a specific domain.
Now my issue is that the token returned from the call is the original token, ie. it doesn’t contain the role / permissions it should after the new role was assigned or the accounts merged (if the one that is being merged in doesn’t have a role).
Is there some way for force token refresh with current user data at this stage ?
update:
seems to be assigning roles and permissions properly for passwordless users, but if the same flow is followed with users coming from the social auth the token doesn’t contain the newly assigned role or it’s permissions.
Thanks in advance!