Link account and use roles from the other account

Is it possible to have access to the roles of the linked account?

We put core authorisation roles in the access token for access control in our backend. We invite users to our system by creating a user/pwd user with the initial roles. Then when the user logs in with their social login we link the two accounts by email. For this first login to succeed (as in carry the roles needed) we need the roles to be the one in the user/pwd profile - the linked account.

Can this be done? With the authorisation extension we did this - but I’m not able to replicate when migrated to core.

Have you explored using the following Management API endpoints?

After you call the Search users by email endpoint in your rule, you should be able to use these endpoints to read the user/pwd identity’s roles and assign them to the social identity.

Yes, using auth0.accessToken as the Bearer token I got a 403: read roles not granted.

It is not clear to me what client that accessToken is generated for and how to adjust it. Is an alternative to create a specific client and use the client secret and id to fetch an accessToken with sufficient grants?

Please take a look at this article:

The auth0.accessToken has the read:users and update:users scopes, but you’ll need to include a different version of the node-auth0 Node.js library in order to access the Roles endpoints.

Once you’ve created an instance of the Management client, you can then call the corresponding endpoints with the getUserRoles and assignRolesToUser functions.

You can review the full documentation for the node-auth0 library here:

Thanks for the great feedback.

The client for the web app did not have read:role scope needed, and I opted to create a dedicated machine to machine client with the necessary scopes and then use the management API in the rules to fetch and set.

In addition to the link you provided I found relevant doc in these:

https://auth0.github.io/node-auth0/module-management.ManagementClient.html#getUserRoles

Thanks!
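Putting the thread's pieces together, here is an added example (not code from the thread or from Auth0) of a rule helper that searches users by email, reads the user/pwd identity's roles, assigns them to the social identity through a dedicated machine-to-machine client, and places them in the access token. The Management client is injected so the helper runs offline against a fake; method names follow node-auth0 v2 (which spells the assignment call `assignRolestoUser`), while the claim namespace, the configuration secret names and the `email_verified` guard are my assumptions. If the rules sandbox ships an older node-auth0 than the Roles endpoints need, pin a newer one with `require('auth0@<version>')`.

```javascript
// Added example, not the thread's code: copies the roles of the user/pwd
// (auth0|...) identity to the social identity at login. The Management client
// is injected so this runs offline against a fake; method names follow
// node-auth0 v2 (getUsersByEmail, getUserRoles, assignRolestoUser).
const ROLES_CLAIM = 'https://example.com/roles'; // assumed claim namespace

async function copyRolesFromLinkedAccount(mgmt, socialUser) {
  // Guard (my addition): act only on a verified email, otherwise anyone who
  // signs up socially with an unverified matching address inherits the roles.
  if (!socialUser.email || !socialUser.email_verified) return [];

  // 1. Search users by email and pick the database (user/pwd) identity.
  const matches = await mgmt.getUsersByEmail(socialUser.email);
  const dbUser = matches.find(
    (u) => u.user_id !== socialUser.user_id && u.user_id.startsWith('auth0|')
  );
  if (!dbUser) return [];

  // 2. Read the roles assigned to the user/pwd identity.
  const roles = await mgmt.getUserRoles({ id: dbUser.user_id });
  if (roles.length === 0) return [];

  // 3. Assign the same roles (by id) to the social identity.
  await mgmt.assignRolestoUser(
    { id: socialUser.user_id },
    { roles: roles.map((r) => r.id) }
  );
  return roles.map((r) => r.name);
}

// Rule entry point (Auth0 rule signature): builds the client from a dedicated
// machine-to-machine application's credentials stored in the rule's
// configuration object (secret names assumed) and puts the copied roles in
// the access token. Not exercised by the offline test.
function rule(user, context, callback) {
  const { ManagementClient } = require('auth0');
  const mgmt = new ManagementClient({
    domain: configuration.AUTH0_DOMAIN,
    clientId: configuration.M2M_CLIENT_ID,
    clientSecret: configuration.M2M_CLIENT_SECRET,
    scope: 'read:users read:roles update:users',
  });
  copyRolesFromLinkedAccount(mgmt, user)
    .then((names) => {
      if (names.length) context.accessToken[ROLES_CLAIM] = names;
      callback(null, user, context);
    })
    .catch(callback);
}
```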
