Overview
This article explains the cause of an error that occurs within an Auth0 Action when the api.authentication.setPrimaryUser() method is called. This issue prevents the proper construction of the login user, which leads to authentication failures. The following error is generated:
Unable to construct login user
Applies To
- Auth0 Actions
Cause
The error occurs because the api.authentication.setPrimaryUser() method requires a valid user ID from a primary identity, which must include its strategy prefix (e.g., auth0|1234abc).
The method fails if the provided user ID is incomplete (e.g., "1234abc" without the prefix) or if the ID corresponds to a secondary identity instead of an established primary user profile.
Solution
To resolve this error, ensure the api.authentication.setPrimaryUser() method is called with a valid and complete user ID.
- Provide the full user ID of a primary identity to the
api.authentication.setPrimaryUser()method, including the strategy prefix. - Verify the
user_idcorresponds to an actual primary user profile and not a secondary identity.
This situation can be common in demo applications where it is necessary to link several email addresses to one demo account’s User ID (Universally Unique Identifier (UUID)) to ensure all logins use that single demo account. Review and adapt the following code sample for the specific use case:
exports.onExecutePostLogin = async (event, api) => {
const demoUserId = "auth0|123abc";
if (event.client.name == "DemoApp") {
await api.authentication.setPrimaryUser(demoUserId);
}
};