Using another user identifier (UUID) than the user_id

jmangelo · April 3, 2017, 10:39pm

You can make use of the uuid NPM package in rules as a quick way to generate a UUID that can then be assigned to each user.

I’m including a sample rule that upon user login generates a UUID for the user, if one hasn’t been provided yet. After ensuring that every user is provisioned with a UUID the rule also exposes that information in any issued ID token or access token through the means of custom claim.

function (user, context, callback) {
  var uuid = require("uuid");

  user.app_metadata = user.app_metadata || {};

  var promise = Promise.resolve(1);

  if (!user.app_metadata.uuid) {
    user.app_metadata.uuid = uuid();

    promise = auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
  }

  promise.then(() => {
    if (context.idToken) {
      // Include the uuid in the issued ID token if applicable
      context.idToken"http://example.com/uuid"] = user.app_metadata.uuid;
    }

    if (context.accessToken) {
      // Include the uuid in the issued access token if applicable
      context.accessToken"http://example.com/uuid"] = user.app_metadata.uuid;
    }
    
    callback(null, user, context);
  }).catch(callback);
}

Have in mind that the above rule is meant to be used along with the recent OIDC conformance flows and/or API Authorization features. With these flows, custom claims need to be added explicitly to the generated tokens and also have to use a namespace. (for more information check the OIDC-conformant authentication adoption guide)

If you’re not making use of these flows, which would be the case if you used /oauth/ro then you will be able to include custom claims in the issued ID Token by including it the requested scope scope=openid+uuid. In this scenario, namespaces are not required and the uuid claim would be returned if the user contained a matching property with that name either as a root property or as a property of app_metadata. The following revised rule should address the situation you mentioned regarding /oauth/ro:

function (user, context, callback) {
  var uuid = require("uuid");

  user.app_metadata = user.app_metadata || {};

  var promise = Promise.resolve(1);

  if (!user.app_metadata.uuid) {
    user.app_metadata.uuid = uuid();
    user.uuid = user.app_metadata.uuid;

    promise = auth0.users.updateAppMetadata(user.user_id, user.app_metadata);
  }

  promise.then(() => {
    callback(null, user, context);
  }).catch(callback);
}

Topic		Replies	Views
Using Customer user_id Instead of an Auth0 Generated user_id Knowledge Articles	1	513	October 25, 2023
Best practice for migrating user ids Help auth0	4	4587	February 19, 2021
Set the user_id for a new user via auth0.js Help user-creation	10	9275	August 29, 2019
How user_id at auth0 created Help	8	8901	February 21, 2020
Rule not used when creating a user via the Management API, is there an alternative approach? Help rules , managment-api-v2 , actions	4	1373	January 17, 2023

Using another user identifier (UUID) than the user_id

Related topics