React SPA getAccessTokenSilently not updating user object's roles

Please include the following information in your post:

  • Which SDK this is regarding: e.g. @auth0/auth0-react
  • SDK Version: 1.2.0
  • Platform Version: e.g. Npm 6.14.8

I have roles assigned via rules to the id_token. When a new user signs in (Google auth or sign-up page), we don’t get the roles assigned in the id_token or the user object. getAccessTokenSilently({ ignoreCache: true }); works around the problem of the id_token not having the claims. The 1.2.0 changelist states that the user object is also updated when getAccessTokenSilently is called; however, it’s not updated with roles. Any help would be appreciated.

Hi @erman,

Welcome to the Community!

I took a look at the rule via our internal tools, and it looks like callback(null, user, context); is being called at the bottom of the rule before the async management.users.assignRoles method completes.

If you remove the last callback(null, user, context); at the bottom of the rule, the user’s roles should be included in the ID Token.
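The ordering problem described in the reply above, as an added example that is not part of the original thread or Auth0's own code. The `management` object is a constructed stub, `runRule` is a hypothetical harness that assumes the pipeline honors only the first callback, and the namespace and role id are placeholders.

```javascript
// Constructed stand-in for the Management API client: resolves after a delay,
// the way a real network call would. Not Auth0's implementation.
const management = {
  users: {
    assignRoles: (params, data) =>
      new Promise((resolve) => setTimeout(() => resolve(data.roles), 20)),
  },
};
const namespace = "https://example.test"; // placeholder claim namespace
const ROLES = ["rol_placeholder"];        // placeholder role id

// "Before": the trailing callback fires while assignRoles is still pending.
function buggyRule(user, context, callback) {
  management.users
    .assignRoles({ id: user.user_id }, { roles: ROLES })
    .then((roles) => {
      context.idToken[`${namespace}/roles`] = roles;
      callback(null, user, context);
    })
    .catch((err) => callback(err));
  callback(null, user, context); // runs first: token is built without roles
}

// "After": the only success callback sits inside .then().
function fixedRule(user, context, callback) {
  management.users
    .assignRoles({ id: user.user_id }, { roles: ROLES })
    .then((roles) => {
      context.idToken[`${namespace}/roles`] = roles;
      callback(null, user, context);
    })
    .catch((err) => callback(err));
}

// Hypothetical harness (assumption): the first callback wins and the ID token
// claims are snapshotted at that moment; later callbacks are ignored.
function runRule(rule) {
  return new Promise((resolve, reject) => {
    let done = false;
    const user = { user_id: "auth0|constructed" }; // constructed sample user
    rule(user, { idToken: {} }, (err, u, ctx) => {
      if (done) return;
      done = true;
      if (err) return reject(err);
      resolve(JSON.parse(JSON.stringify(ctx.idToken)));
    });
  });
}
```

Calling `runRule(buggyRule)` resolves with an empty claims object, while `runRule(fixedRule)` resolves with the roles claim present.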

Thanks Stephanie,

You were right, I forgot the last callback, which ran before the reply from assignRoles to the Management API. That fixed the role issue; however, now I don’t get the user_metadata, which I see when I test the rules script. I don’t see anything obvious, unfortunately.

Additional info: for some reason this works for an existing Google user I created a while ago.

Just to double check that the user has metadata, when you go to Users & Roles (or User Management) in your dashboard and click on the new user, do they have any user_metadata?

Yes, the user has user_metadata set.

As a test, I added

	idTokenClaims[`${namespace}/user_metadata`] = user.user_metadata;
	idTokenClaims[`${namespace}/test`] = "test";

alongside user.user_metadata, which I receive on SPA side in the token claims successfully. However, I don’t get user_metadata.

Hm, I just tried copying Set roles to a user and Add roles and metadata to tokens into my own tenant and I’m getting the user metadata in the token.

Are you testing both rules together?

Hi, yes, I tried both the “TRY ALL RULES WITH” option and the full flow in the SPA (I use the auth-react lib); the result is the same.

Now I added the same rule one more time, which fixed getting the user_metadata on the second login (the redirect after signup still doesn’t give the user_metadata object in the token). It looks like this full e2e flow needs to be tested on your side. Please let me know if I can provide anything.
