Rules to Actions Not working

Help
,
1

I have rules and have to migrate to actions by the 18th i’ve created the equivalent action but the action is not completing the login flow. Im using passport and the session user is coming back null and but in rules it works fine is there something im missing? The passport user is reading null for all session claims info.

 name: {},
  _json: {
    'https://xxx.com/company': null,
    'https://xxx.com/userId': null,
    'https://xxx.com/claim/firstName': null,
    'https://xxx.com/claim/lastName': null,
    'https://xxx.com/claim/orgId': null,
    'https://xxx.com/claim/userId': null,
    'https://xxx.com/claim/roleId': null,
    'https://xxx.com/claim/ad_user': null
  },
  _raw: '{"https://xxx.com/company":null,"https://xxx.com/userId":null,"https://xxx.com/claim/firstName":null,"https://xxx.com/claim/lastName":null,"https://xxx.com/claim/orgId":null,"https://xxx.com/claim/userId":null,"https://xxx.com/claim/roleId":null,"https://xxx.com/claim/ad_user":null}'

(function mapUserObject(user, context, callback) {
  'use strict';
  var ManagementClient = require('auth0@2.17.0').ManagementClient;
  var management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });
  


  const employeeIdCol = "employee_id";
  const companyCol = "organization_slug";
  const emailCol = "email";
  const lastNameCol = "last_name";
  const firstNameCol = "first_name";
  const orgIdCol = "organization_id";
  const pictureCol = "picture";
  const positionCol = "position";
  const scopeNameCol = "get_scopes_for_employee";
  const userIdCol = "user_id";

  var namespace = 'https://xxx.com';
  let legacyCompanyClaim = `${namespace}/company`;
  let legacyUserIdClaim = `${namespace}/userId`;
  let employeeIdClaim = `${namespace}/claim/employeeId`;
  let firstNameClaim = `${namespace}/claim/firstName`;
  let lastNameClaim = `${namespace}/claim/lastName`;
  let orgIdClaim = `${namespace}/claim/orgId`;
  let positionClaim = `${namespace}/claim/position`;
  let userIdClaim = `${namespace}/claim/userId`;
  let scopeClaim = `${namespace}/claim/scope`;
  let role_id    = `${namespace}/claim/roleId`;
  let ad_user    = `${namespace}/claim/ad_user`;
  
  
  
  console.log(context);
  console.log();
  context.accessToken[legacyCompanyClaim] = user.app_metadata.company;
  context.accessToken[legacyUserIdClaim] = user.email;
  context.accessToken[firstNameClaim] = user.app_metadata.first_name;
  context.accessToken[lastNameClaim] = user.app_metadata.last_name;
  context.accessToken[orgIdClaim] = user.app_metadata.org_id;
  context.accessToken[userIdClaim] = user.app_metadata.xxx_user_id;
  context.accessToken[role_id] = user.app_metadata.role_id;
  context.accessToken[ad_user] = user.app_metadata.ad_user;
  context.idToken[legacyCompanyClaim] = context.accessToken[legacyCompanyClaim];
  context.idToken[legacyUserIdClaim] = context.accessToken[legacyUserIdClaim];
  context.idToken[firstNameClaim] = context.accessToken[firstNameClaim];
  context.idToken[lastNameClaim] = context.accessToken[lastNameClaim];
  context.idToken[orgIdClaim] = context.accessToken[orgIdClaim];
  context.idToken[userIdClaim] = context.accessToken[userIdClaim];
  context.idToken.family_name = context.idToken[lastNameClaim];
  context.idToken.given_name = context.idToken[firstNameClaim];
  context.idToken[role_id]   = context.accessToken[role_id];
  context.idToken[ad_user]   = context.accessToken[ad_user];
  
  var params = { id: user.user_id};

  management.getUserPermissions(params, function (err, permissions) {
    
    var permissionNames = [];
    permissions.forEach(function(obj) { permissionNames.push(obj.permission_name); });
    
    if (err) {
      // Handle error.
    }
    context.accessToken[scopeClaim] = permissionNames;    
    callback(null, user, context);
  });
 
})

Here is my Custom Action

 var map = require('array-map');
 var ManagementClient = require('auth0').ManagementClient;
exports.onExecutePostLogin = async (event, api) => {
  var management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.client_id,
    clientSecret: event.secrets.client_secret,
  });
  var params = { id: event.user.user_id};


  
  const namespace = 'https://xxx.com';
  if (event.authorization) {
    console.log(event.user.name)
    let legacyCompanyClaim = `${namespace}/company`;
    let legacyUserIdClaim = `${namespace}/userId`;
    let employeeIdClaim = `${namespace}/claim/employeeId`;
    let firstNameClaim = `${namespace}/claim/firstName`;
    let lastNameClaim = `${namespace}/claim/lastName`;
    let orgIdClaim = `${namespace}/claim/orgId`;
    let positionClaim = `${namespace}/claim/position`;
    var userIdClaim = `${namespace}/claim/userId`;
    var scopeClaim = `${namespace}/claim/scope`;
    let role_id    = `${namespace}/claim/roleId`;
    let ad_user    = `${namespace}/claim/ad_user`;
    //Id_token
    api.idToken.setCustomClaim(legacyCompanyClaim, api.accessToken[legacyCompanyClaim]);
    api.idToken.setCustomClaim(legacyUserIdClaim, api.accessToken[legacyUserIdClaim]);
    api.idToken.setCustomClaim(firstNameClaim, api.accessToken[firstNameClaim]);
    api.idToken.setCustomClaim(lastNameClaim, api.accessToken[lastNameClaim]);
    api.idToken.setCustomClaim(orgIdClaim, api.accessToken[orgIdClaim]);
    api.idToken.setCustomClaim(userIdClaim, api.accessToken[userIdClaim]);
    api.idToken.setCustomClaim(role_id , api.accessToken[role_id]);
    api.idToken.setCustomClaim(ad_user , api.accessToken[ad_user]);
    api.idToken.family_name = api.idToken[lastNameClaim];
    api.idToken.given_name = api.idToken[firstNameClaim];
    //access_token
    api.accessToken.setCustomClaim(legacyCompanyClaim, event.user.app_metadata.company);
    api.accessToken.setCustomClaim(legacyUserIdClaim, event.user.email);
    api.accessToken.setCustomClaim(firstNameClaim, event.user.app_metadata.first_name);
    api.accessToken.setCustomClaim(lastNameClaim, event.user.app_metadata.last_name);
    api.accessToken.setCustomClaim(orgIdClaim, event.user.app_metadata.org_id);
    api.accessToken.setCustomClaim(userIdClaim, event.user.app_metadata.xxx_user_id);
    api.accessToken.setCustomClaim(role_id , event.user.app_metadata.role_id);
    api.accessToken.setCustomClaim(ad_user , event.user.app_metadata.ad_user);
  }

  var params = { id: event.user.user_id};
  var permissionsArray  = []

  try{

   var userPermissions = await management.getUserPermissions(params) 
   permissionsArray = map(userPermissions, function (permission) 

    {

      return permission.permission_name;

    }

  );
    
    } catch (e) {
    console.log(e)
    // Handle error
  }
    // @ts-ignore
   
 
    return api.accessToken.setCustomClaim(scopeClaim ,permissionsArray);
   
}
2

@rueben.tiow can you help with this one?

3

@adam.housman can you help with this one

5

Hi @rwebb,

Welcome to the Auth0 Community!

I reviewed your custom action and noticed that you are setting the custom claim in a way that is not allowed.

You should be using the method in the following way: api.accessToken.setCustomClaim(name, value)

In this case, it should be api.accessToken.setCustomClaim(legacyCompanyClaim, event.user.app_metadata.company)

Thanks,
Rueben

6

@rueben.tiow my accesstoken and ID token appear right after setting the custom claim its just my user in passport.js is coming back null after authentication. Thanks for getting back

7

@rueben.tiow I feel like in rules this was handled with a call back…

8

@rueben.tiow it worked thanks