What is the best way of retrieving user roles?


I am building an admin portal where I have to manage Auth0 users. Today I ran into an exception (429 too many requests) with the rate limiter on that API “https://AUTH_DOMAIN/api/v2/users/USER_ID/roles”.

Current flow of my backend for retrieving users with their roles:

  1. Get all users
  2. Retrieve role for each of the users (a request to “https://AUTH_DOMAIN/api/v2/users/USER_ID/roles” for each of the users to get his role)
  3. Return list of users to UI

Since I have more than 10 users already (and the limit for this endpoint is 10 requests) I started getting errors.

What is the best way to retrieve those roles without actually calling the Management API for each user to get the role? Is there a way I can bind the user roles to the metadata with a rule, for instance?

Any feedback will be appreciated.

Hi @lyubomir.nikov

Thanks for getting in touch with us at Auth0 Community.

You can add the user roles to the app_metadata of a user account via a Post Login Action. The simplest implementation of this would be as below:

exports.onExecutePostLogin = async (event, api) => {
  // Copy the roles the user holds at login time into app_metadata
  const roles = event.authorization.roles;
  api.user.setAppMetadata("roles", roles);
};

You can read a bit more about this here https://auth0.com/docs/manage-users/user-accounts/metadata/manage-user-metadata

I hope this helps.
Warm regards.

Hello @SaqibHussain,

Thanks for your response!

As an admin for the application I would like to get the roles for each of the users registered for the application - therefore I am not interested in obtaining the role on login.


Hi @lyubomir.nikov

With this Action in place, when a user logs in, their roles will bind to the app_metadata on that user account, which is what I think you were trying to achieve. So when you “Get all users” in your point 1, if the app_metadata is also being returned then the roles will also be returned and you won’t need to use “https://AUTH_DOMAIN/api/v2/users/USER_ID/roles”.

The tradeoff here, though, is that you need to wait for all users to log in at least once for the app_metadata to populate.

Warm regards.

I have the same issue as @lyubomir.nikov. @SaqibHussain, I think you’re misunderstanding what’s being asked.

Think of an application that provides a user administration view where an admin can come in and assign/unassign roles to users and perform other user management tasks. Naturally, this administration view would show a list of users. Alongside the list of users, we want to show each user’s roles. If this view shows the roles for the displayed users based on what’s in those users’ metadata, it will show out-of-date roles if any of those users have not logged in since the time the admin last changed their roles.

We need a way to get up-to-date roles for a list of users. Because the roles must be up to date, we can’t rely on a post-login action.

Hi @aaron.hardy
Thanks for your feedback.
To get the most up-to-date information you would have to use the Management API: https://auth0.com/docs/api/management/v2#!/Users/get_user_roles

If you’re hitting rate limits as @lyubomir.nikov was, then you can handle this in code by inspecting the HTTP response headers, e.g. watch out for x-ratelimit-remaining, and when it nears 0 you may be able to wait until the x-ratelimit-reset time before retrying. We mention this technique here: https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#review-http-response-headers

Warm regards.
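
The header-based pacing described in the last reply, as an added example that is not part of the original thread or Auth0's own code. The function names, the `domain`/`token` options and the injectable `fetchFn`/`sleep`/`now` hooks are assumptions, and it assumes the roles endpoint returns an array of role objects with a `name` field and that the Management API token stays on the backend.

```javascript
// Added example (not Auth0's code). Assumed names: waitMsFromHeaders, getRolesForUsers,
// and the injectable fetchFn / sleep / now options that let it run offline.

// How long to pause, in ms, given the rate-limit headers of the last response.
// x-ratelimit-reset is a UNIX timestamp in seconds.
function waitMsFromHeaders(headers, nowMs, minRemaining = 1) {
  const remaining = headers.get("x-ratelimit-remaining");
  const reset = headers.get("x-ratelimit-reset");
  if (remaining == null || reset == null) return 0; // headers absent: nothing to act on
  if (Number(remaining) > minRemaining) return 0;   // budget left in this window
  const ms = Number(reset) * 1000 - nowMs;
  return ms > 0 ? ms : 0;                            // also 0 if the value is unparsable
}

const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Fetch roles one user at a time, pausing when the budget is nearly spent and
// retrying a bounded number of times after a 429.
async function getRolesForUsers(userIds, opts) {
  const { domain, token, fetchFn = fetch, sleep = realSleep, now = Date.now, maxRetries = 3 } = opts;
  const rolesByUser = new Map();
  for (const id of userIds) {
    const url = `https://${domain}/api/v2/users/${encodeURIComponent(id)}/roles`;
    for (let attempt = 0; ; attempt++) {
      const res = await fetchFn(url, { headers: { Authorization: `Bearer ${token}` } });
      if (res.status === 429 && attempt < maxRetries) {
        // Rejected: wait for the reset time (at least 1 s), then retry the same user.
        await sleep(Math.max(1000, waitMsFromHeaders(res.headers, now(), Infinity)));
        continue;
      }
      if (!res.ok) throw new Error(`roles lookup for ${id} failed: HTTP ${res.status}`);
      rolesByUser.set(id, (await res.json()).map((role) => role.name));
      const wait = waitMsFromHeaders(res.headers, now());
      if (wait > 0) await sleep(wait); // pause before the next user instead of earning a 429
      break;
    }
  }
  return rolesByUser;
}
```

Requests are issued sequentially on purpose: parallel calls would each see a stale `x-ratelimit-remaining` and overshoot the window.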