Hello!
I am migrating Rules into Actions and I am running into an issue when logging in with a fresh user into my Qlik application. Currently, we manually add users into auth0 directly. Thereafter, we use the Auth0 extension to manually add them to a group for which they will access their restricted content. When creating a new user and attempting to log in, it throws a 400 error “Bad Request”.
However, in auth0 it sets the App Metadata correctly when checking it in the User Details of any user. Every attempt after the first one succeeds and never throws an error. I checked the event.user.app_metadata before and after the setAppMetadata call and it shows empty both times as detoned by my comments below.
console.log(JSON.stringify(event.user.app_metadata)); //EMPTY
let policy = await getPolicy(event, api);
if(policy.status !== 200){
api.access.deny("Access Denied");
}
api.user.setAppMetadata("groups", policy.data.groups);
api.user.setAppMetadata("authorization", {groups: mergeRecords(event.user.app_metadata.groups, policy.data.groups)});
console.log("AFTER: " + JSON.stringify(event.user.app_metadata)); //EMPTY
)
Reading about setAppMetadata it seems to always run last to reduce rate limit. Worth noting is that policy.data.groups has data, but event.user.app_metadata.groups is undefined, as well as event.user.app_metadata.authorization.groups. I tried looking into postUserRegistration, but it seems like it doesn’t accept setAppMetadata for the user. Is there a workaround to ensure these values are set before the login is completed?
Thanks!