identifier when invoking hosted page to add authorization extension role/group?

I would like to issue invitations to users so they can signup to my hosted page on auth0, and when they register I’d like to add an Authentication Extension group and role so that they’re available in the issued JWT when they log in. They can use either username/password or facebook/gmail login.

I’m not sure how to best accomplish this with my current setup—I’m launching the hosted page from auth0-js via auth0-lock, and I assume that I will need to add another rule which adds the correct role and group to the new user record. Is there a way to pass a unique identifier in via auth0-js so that I can look the group and role up in my API from a Rule? Should I pass this identifier via the scope? Or is there a better way to do this?

Did you ever figure this out?

I just revisited this and I believe the correct way to do it with Auth0.js on an SPA is this:

  • A new user arrives at my site , e.g. /signup_with_role
  • I redirect that new user to sign up without a role on the hosted auth0 page using .authorize()
  • On successful account creation at auth0, the user is redirected back to my site, and I create the account locally
  • I use the Management API to set a role for the user at Auth0
  • I issue a NEW token by calling .checkSession().

There are plenty of posts recommending .renewAuth(), but that has been deprecated in favour of checkSession().

You also need to configure Allowed Web Origins in the API, or you’ll get an error like The specified redirect_uri ... does not have a registered origin.

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?