Is there a way to assign permissions during bulk upload? I don’t see permissions listed in the bulk upload schema. One approach would be to stash the permissions in metadata, then use a hook to apply the permissions using the metadata as the source, but this sounds too hackish to me.
Hi @john.boldt,
It doesn’t look like you will be able to import permissions with the import job endpoint or extensions. The best way I can suggest is to either import them as app_metadata as you have suggested (and convert them in a rule), or to add them after the import programmatically using the management API.
Hope this helps!
Dan
Thanks @dan.woda! Placing the permissions in app_metadata works fine. I was hoping I could then set the JWT’s permissions claim in the rule after the user is authenticated, but apparently you’re not allowed to overwrite the permissions claim. Am I correct?
Instead of writing them to permissions or a custom claim every time the rule is run, have the rule import them via the Management API when the user has permissions in app_metadata, then delete them from app_metadata when finished. Be careful using the Management API in rules, as you can quickly hit the rate limit if you are calling it on every authentication. I wrote you a rule that goes through the general flow. Be sure to test this before putting it into production. Something like this:
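```js
function (user, context, callback) {
  user.app_metadata = user.app_metadata || {};

  // Nothing to import for this user: continue the login.
  if (!user.app_metadata.importedPermissions) {
    console.log("no permissions in app_metadata");
    return callback(null, user, context);
  }

  var ManagementClient = require('auth0@2.23.0').ManagementClient;
  var management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });

  var params = { id: user.user_id };
  var data = { "permissions": user.app_metadata.importedPermissions };

  management.assignPermissionsToUser(params, data, function (err) {
    if (err) {
      // Leave app_metadata untouched so the import is retried on the next login.
      console.log(err);
      return callback(null, user, context);
    }
    console.log("added permissions to user");

    // Set the key to null instead of deleting it: the metadata update merges
    // properties, so a key that is only absent from the object stays stored.
    user.app_metadata.importedPermissions = null;
    auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
      .then(function () {
        console.log("removed permissions from app_metadata");
        callback(null, user, context);
      })
      .catch(function (updateErr) {
        console.log(updateErr);
        callback(null, user, context);
      });
  });
  // callback is invoked only from the handlers above, after the async calls finish.
}
```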
This is expecting app_metadata to have this schema:
```json
"importedPermissions": [
  {
    "permission_name": "do:something",
    "resource_server_identifier": "https://test-api"
  }
]
```
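Added example, not part of the thread and not Auth0's code: whatever is placed in `app_metadata.importedPermissions` is later granted by the rule, so this sketch checks each entry against an allowlist while building the bulk-import user objects. The `ALLOWED` map, the `read:reports` permission, the helper names and the sample records are constructed for illustration.

```javascript
// Added example. ALLOWED and the sample records below are constructed.
const ALLOWED = {
  "https://test-api": new Set(["do:something", "read:reports"]),
};

// Return an error string for an entry that must not be imported, else null.
function checkPermission(p) {
  if (!p || typeof p !== "object") return "entry is not an object";
  const name = p.permission_name, api = p.resource_server_identifier;
  if (typeof name !== "string" || typeof api !== "string") return "malformed entry";
  // Own-property check so keys such as "__proto__" never match.
  if (!Object.prototype.hasOwnProperty.call(ALLOWED, api)) return "unknown API " + api;
  if (!ALLOWED[api].has(name)) return name + " is not defined for " + api;
  return null;
}

// Build bulk-import user objects; a user with any bad entry is rejected whole.
function buildImportUsers(records) {
  const users = [], rejected = [];
  for (const rec of records) {
    const perms = rec.permissions === undefined ? [] : rec.permissions;
    const errors = Array.isArray(perms)
      ? perms.map((p) => checkPermission(p)).filter(Boolean)
      : ["permissions is not an array"];
    if (errors.length) { rejected.push({ email: rec.email, errors }); continue; }
    const seen = new Set(), unique = [];
    for (const p of perms) {
      const key = p.resource_server_identifier + "\n" + p.permission_name;
      if (seen.has(key)) continue;
      seen.add(key);
      // Copy only the two expected fields; extra keys are dropped.
      unique.push({ permission_name: p.permission_name,
                    resource_server_identifier: p.resource_server_identifier });
    }
    const user = { email: rec.email };
    if (unique.length) user.app_metadata = { importedPermissions: unique };
    users.push(user);
  }
  return { users, rejected };
}

const P = (n) => ({ permission_name: n, resource_server_identifier: "https://test-api" });
const sample = [
  { email: "a@example.com", permissions: [P("do:something"), P("do:something")] },
  { email: "b@example.com", permissions: [P("admin:everything")] },
  { email: "c@example.com" },
];
const result = buildImportUsers(sample);
console.log(JSON.stringify(result, null, 2));
```

The same `checkPermission` test can be applied inside the rule before the permissions are assigned, so that a value written to `app_metadata` by some other path is not granted unchecked.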