After reviewing the code, it seems that there was an improper usage of the management.roles.assignUsers() method. The first parameter passed accepts the role ID of type string. Moreover the event.stats.login_count is not a callable property and should not be needed since the user has 0 logins during this step in the authentication pipeline.
In this case, here is a working example of your solution:
First, in your script, I noticed that you are exiting the Action and skipping role assignment if the logins_count is 0. Since this Action executes after a user registers but before they sign in, the user’s logins_count remains 0. Therefore, I recommend removing that if-condition to allow your Action to execute.
Moreover, the event.stats.logins_count is not a callable property when using a Post User Registration Action. It only exists when using a Post Login Action.
Similarly, a user signing up has their email_verified status set to false until they verify themselves through the Email Verification. Hence, you should also remove this condition to avoid skipping the role assignment.
Lastly, could you please double-check the values stored in your event.secrets? You could call console.log statements to make sure that the values match the ones found in your application.
thanks for your answer. I’ve modified code according to your comments and it stopped failing. But it also stopped working, eg group is not assigned and I even do not see PostUserRegistration hook in the logs
This issue occurs when the requesting application does not have the Client Credentials grant enabled.
To address this, please navigate to your Auth0 Dashboard > Applications > Applications > YOUR_APP and scroll to the bottom of the settings page, and uncollapse the Advanced settings. On there, click on the Grant Types tab and check the Client Credentials grant type.
The suggested solution must use a Machine-to-Machine application to perform the client credentials grant. The M2M app will also need to be granted access to the Management API with all the required scopes (permission).
After that is done, you can request access tokens from the Management API.