Rule and action with the same business logic behave differently during post login

fediazgon · April 18, 2023, 12:49pm

Hi! I’ve tried to add custom claims (role assigned to the user) to my token by following the documentation: Add user roles to ID and Access tokens. However, I can see in the token returned to my web app that these claims are not inserted. I think this is due to the fact the object event.authorization is null.

However, when I create an action that does the same:

function (user, context, callback) {
  console.log(context);
  const ns = "https://example.io/";
  context.idToken[ns + 'roles'] = context.authorization.roles;
  callback(null, user, context);
}

I can see that now the claims are inserted. I also see in the debugger that context.authorization is not null.

Any reason why this might be happening?

tyf · April 18, 2023, 10:04pm

Hi there @fediazgon welcome to the community!

fediazgon:

However, when I create an action that does the same:

function (user, context, callback) {
  console.log(context);
  const ns = "https://example.io/";
  context.idToken[ns + 'roles'] = context.authorization.roles;
  callback(null, user, context);
}

The code shared is specific to a rule - Just to be clear, is it this code that is working or your Action code?

Please see below for an FAQ on how to add custom claims with an Action. Actions being the newer extensibility feature are preferred to rules.

Let us know!

neskemiquel · April 25, 2023, 5:40am

fediazgon:

Hi! I’ve tried to add custom claims (role assigned to the user) to my token by following the documentation: Add user roles to ID and Access tokens . However, I can see in the token returned to my web app that these claims are not inserted. I think this is due to the fact the object event.authorization is null.

However, when I create an action that does the same:
function (user, context, callback) {
  console.log(context);
  const ns = "https://example.io/";
  context.idToken[ns + 'roles'] = context.authorization.roles;
  callback(null, user, context);
}
I can see that now the claims are inserted. I also see in the debugger that context.authorization is not null.

Any reason why this might be happening?

Hello,
It’s possible that the event.authorization object is null because it is not available at the time the custom claims are being added to the token. According to the documentation you linked, the event.authorization object is only available for certain event types, such as sso or user signed up.

On the other hand, the context object is available at various points during the authentication flow, and includes information about the current user and their authentication state. It’s possible that the context.authorization object is populated with the necessary information needed to add the custom claims to the token.

Without more information about your specific authentication flow and how it’s configured, it’s hard to say for sure why event.authorization is null in one case and not the other. However, using the context object to add custom claims is a valid approach and is documented by Auth0. hope so it is beneficial for you . Clover Dashboard Login

konrad.sopala · January 8, 2024, 8:48am

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!