I can see roles in Raw JSON for my federated users login, can't see them in my Custom Action

bholman37 · July 17, 2023, 9:30pm

Hello,
I’ve created an application instance in Auth0 and when I log in to my app (asp.net core blazor) with an authorized federated account from a third party I can see the expected roles for that user in it’s Auth0 entry - Raw JSON.

I am using this code in a Custom Action and the action is in the Login flow between Start and Complete.

exports.onExecutePostLogin = async (event, api) => {
const roleClaimName = ‘http://schemas.microsoft.com/ws/2008/06/identity/claims/role’
if (event.authorization) {
console.log(event.authorization);
api.idToken.setCustomClaim(roleClaimName, event.authorization.roles);
api.accessToken.setCustomClaim(roleClaimName, event.authorization.roles);
}
}

event.authorization.roles is empty. In my AD Enterprise login connection I have Basic Profile, Extended Profile and Get user groups checked.

How can I get access to the roles I’m seeing in my Auth0 User’s Raw JSON? (showing as " “roles”: [
“LoadNewThings”,
“Admin”
],")

Thank you!

bholman37 · July 26, 2023, 3:27pm

For anyone curious about this, I heard back on the ticket i created and the answer is we still need to do a Rule for this as Actions do not yet have access to roles provided by a third party identity provider

konrad.sopala · January 8, 2024, 12:46pm

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

richard.brookes-tee · January 22, 2025, 3:29pm

I was able to get them straight from the user object like this

const adRoles = event.user[‘roles’];

bholman37 · January 22, 2025, 4:35pm

this also works:

exports.onExecutePostLogin = async (event, api) => {
const roleClaimName = ‘http://schemas.microsoft.com/ws/2008/06/identity/claims/role’
if (event.authorization) {
api.idToken.setCustomClaim(roleClaimName, event.authorization.roles);
api.accessToken.setCustomClaim(roleClaimName, event.authorization.roles);
api.idToken.setCustomClaim(‘http://asdf.com/email’, event.user.email);
api.accessToken.setCustomClaim(‘http://asdf.com/email’, event.user.email);
}
}

Topic		Replies	Views
Actions not firing Get Help login-experience , new-universal-login-experience	2	840	December 6, 2023
Roles not coming back in User Get Help react	2	2440	June 23, 2021
Auth0 Roles Action with Blazor Web Application (not API) Get Help login-experience , new-universal-login-experience	4	16	March 31, 2025
Return of users roles Get Help login-experience , login-prompt-new-experience	3	22	March 24, 2025
See the roles of users in the accestoken JWT.io jwt	4	1055	August 25, 2023

I can see roles in Raw JSON for my federated users login, can't see them in my Custom Action

Related topics