
Rules and first login

lock
rules
login

#1

Hi everyone,

I just set my first rule, which is basically the standard Set roles to a user rule.
I only changed the domain to adapt it to my needs.

So here are the steps:

  1. I create a new user manually, using the dashboard.
  2. I log in with my application (code below).
  3. In the Auth0 dashboard, the user has the role property in app_metadata.
  4. But if I inspect the JWT in my app with my browser debugger, I do not have the role property in the payload.
  5. I log out and log in again, the role is set and ready to use.

So am I doing something wrong?
I guess the rule is fired during the connection, maybe asynchronously making the first login payload not complete.

The front-end is Angular4. Here is the Lock code:

  // myClientID and myDomain stand for the application's client ID and Auth0 domain
  lock = new Auth0Lock(myClientID, myDomain, {
    auth: {
      redirect: true,
      redirectUrl: window.location.origin,
      responseType: "token",
      // 'roles' is the custom scope the rule's roles attribute is returned under
      params: {scope: 'openid roles'}
    },
    language: 'fr',
    theme: {
      logo: '../../assets/img/logo_auth0.jpg',
      primaryColor: '#be0125'
    },
    allowSignUp: false,
    languageDictionary: {
      title: "Veuillez vous identifier"
    }
  });

Thank you for your help!
jicey


#2

Metadata attributes are normalized to the root user profile before rules execution - this is why they show up on successive logins, but not during the first login. You can achieve this by doing the following inside your rule, after you have set the metadata:

user.roles = user.app_metadata.roles;

This will return the roles claim on first login as well.


#3

Works exactly as intended, thanks a lot!

Here is my final rule code:

function (user, context, callback) {
  user.app_metadata = user.app_metadata || {};
  // You can add a Role based on what you want
  // In this case I check domain
  var addRolesToUser = function(user, cb) {
    if (user.email.indexOf('@myDomainName') > -1) 
    {
      cb(null, ['admin']);
    } else 
    {
      cb(null, ['user']);
    }
  };

  addRolesToUser(user, function(err, roles) {
    if (err) 
    {
      callback(err);
    } else 
    {
      user.app_metadata.roles = roles;
      // *** New line below ***
      user.roles = user.app_metadata.roles;
      
      auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
        .then(function(){
          callback(null, user, context);
        })
        .catch(function(err){
          callback(err);
        });
    }
  });
}
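
The behaviour discussed in this thread, as an added example that is not code from any of the posters or from Auth0: a simplified model of the login flow in which metadata is copied to the root profile before the rule runs, showing why the `roles` claim is missing on the first login and present once the rule also sets `user.roles`. The model functions, the `example.com` domain and the stricter domain check (exact match on a verified address instead of a substring match) are assumptions made for illustration.

```javascript
// Added example (not from the thread): simplified model of the flow described in post #2.
// ADMIN_DOMAIN, rolesFor, makeRule, normalizeProfile, issueClaims, simulateLogin are hypothetical names.
const ADMIN_DOMAIN = 'example.com'; // constructed placeholder domain

// Stricter variant of the thread's indexOf() check: exact domain match on a
// verified address, so 'x@example.com.invalid' does not receive the admin role.
function rolesFor(user) {
  const email = String(user.email || '').toLowerCase();
  const at = email.lastIndexOf('@');
  const domain = at > 0 ? email.slice(at + 1) : '';
  return user.email_verified === true && domain === ADMIN_DOMAIN ? ['admin'] : ['user'];
}

// The rule body from post #3; persistence is handled by simulateLogin below.
function makeRule(copyToRoot) {
  return function rule(user, context, callback) {
    user.app_metadata = user.app_metadata || {};
    user.app_metadata.roles = rolesFor(user);
    if (copyToRoot) user.roles = user.app_metadata.roles; // the fix from post #2
    callback(null, user, context);
  };
}

// Model assumption: stored metadata is copied to the root profile BEFORE rules run.
function normalizeProfile(stored) {
  const meta = Object.assign({}, stored.app_metadata);
  return Object.assign({}, meta, stored, { app_metadata: meta });
}

// Model assumption: only root attributes named in the requested scope become claims.
function issueClaims(user, scope) {
  const claims = {};
  for (const name of scope.split(' ')) {
    if (name !== 'openid' && user[name] !== undefined) claims[name] = user[name];
  }
  return claims;
}

// Runs one login against a stored user record and saves app_metadata back,
// standing in for auth0.users.updateAppMetadata.
function simulateLogin(stored, rule, scope = 'openid roles') {
  let claims;
  rule(normalizeProfile(stored), {}, (err, user) => {
    if (err) throw err;
    stored.app_metadata = user.app_metadata;
    claims = issueClaims(user, scope);
  });
  return claims;
}
```

Calling `simulateLogin` twice on the same record with `makeRule(false)` reproduces the empty first token from post #1; `makeRule(true)` returns the claim on the first call.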
