Hey, I'm using a post-login Action to fetch my user's roles from the Management API, and I want to put those roles into the access token so my Express backend can read them from `req.oidc.user`.
I'm using express-openid-connect on the backend, but I don't get any roles there.
Any idea how I can make this work?
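/**
 * Post-login Action: put the user's assigned role names into the ID token and
 * the access token under a namespaced custom claim, so the Express backend
 * can read them from the token.
 *
 * The role names are taken from `event.authorization.roles`, which Auth0
 * populates for the login, instead of fetching them from the Management API
 * on every login: that round-trip costs an API call per login (and counts
 * against the Management API rate limit) and needs machine-to-machine
 * credentials in the Action just to read data the event already carries.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Custom claims are namespaced with a URL; the backend must look up exactly
  // this key.
  const namespace = 'http://localhost:3000';
  const rolesClaim = `${namespace}/roles`;

  // Without authorization data there is nothing to copy; add no claim rather
  // than an empty or undefined one.
  if (!event.authorization || !Array.isArray(event.authorization.roles)) {
    return;
  }

  const roleNames = event.authorization.roles;
  api.idToken.setCustomClaim(rolesClaim, roleNames);
  api.accessToken.setCustomClaim(rolesClaim, roleNames);
};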
You will want to avoid calling the Management API every time a user authenticates: that is one extra API call per login, so you will quickly run into the Management API rate limit. The roles Auth0 has already resolved for the user are available on the event as `event.authorization.roles`, so no Management API call (and no Management API credentials inside the Action) is needed just to read them.
Try this code instead:
/**
 * Post-login Action: expose the user's assigned role names as a namespaced
 * custom claim on both the ID token and the access token, read from
 * `event.authorization.roles` (no Management API call needed).
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Nothing to add when the event carries no authorization data.
  if (!event.authorization) {
    return;
  }

  // Claim key: a URL namespace followed by "/roles"; the backend reads this key.
  const rolesClaim = 'https://my-app.example.com/roles';
  const { roles } = event.authorization;

  for (const token of [api.idToken, api.accessToken]) {
    token.setCustomClaim(rolesClaim, roles);
  }
};
If this doesn’t solve it, can you share how you are trying to access the roles in your backend?
Hey, thanks for the help. I resolved the backend side by using the Auth0 Management API library.
And this is my new post-login Action — does this make more sense now?
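/**
 * Post-login Action.
 *
 * First login (`event.stats.logins_count === 1`): assign the default role to
 * the user through the Management API, then put that role name in the tokens.
 * Every later login: copy the role names Auth0 already resolved for the user
 * (`event.authorization.roles`) into a namespaced claim on the ID token and
 * the access token.
 *
 * NOTE(review): the version posted in this thread had the tenant domain,
 * client ID and client secret as string literals inside the Action, so that
 * client secret is now public. Rotate it in the Auth0 dashboard, and store the
 * three values as Action secrets so they are read from `event.secrets`, as
 * done below.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  if (!event.authorization) {
    return;
  }

  // Claim key: a URL namespace followed by "/roles"; the backend looks up
  // exactly this key.
  const rolesClaim = 'http://localhost:3000/roles';
  const setRolesClaim = (roleNames) => {
    api.idToken.setCustomClaim(rolesClaim, roleNames);
    api.accessToken.setCustomClaim(rolesClaim, roleNames);
  };

  // Not a first login: the roles Auth0 resolved for the user are authoritative.
  if (event.stats.logins_count !== 1) {
    setRolesClaim(event.authorization.roles);
    return;
  }

  // Role ID of the role every new user receives. It is tenant-specific but
  // not a secret, so it can live in source; the M2M credentials below must not.
  const defaultRoleId = 'rol_SIxIDjSx9yJs0mbZ';
  // Name placed in the claim on this first login. Presumably the name of the
  // role above, so that later logins (which use event.authorization.roles)
  // report the same value -- TODO confirm against the tenant's role list.
  const defaultRoleName = 'user';

  // Management API credentials come from Action secrets, never from source.
  const { ManagementClient } = require('auth0');
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
  });

  // Persist the role before issuing any claim for it, so the token never
  // carries a role the user does not actually hold. If this call throws, the
  // error propagates (an uncaught error here is expected to fail the login --
  // confirm). NOTE(review): whether logins_count still advances on a failed
  // login is not shown here; if it does, the assignment is never retried and
  // the role has to be granted manually.
  await management.assignRolestoUser(
    { id: event.user.user_id },
    { roles: [defaultRoleId] },
  );

  setRolesClaim([defaultRoleName]);
};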