What is the best way of retrieving user roles?

Hello!

I am building an admin portal where I have to manage Auth0 users. Today I ran into an exception (429 Too Many Requests) from the rate limiter on the API “https://AUTH_DOMAIN/api/v2/users/USER_ID/roles”.

Current flow of my backend for retrieving users with their roles:

  1. Get all users
  2. Retrieve role for each of the users (a request to “https://AUTH_DOMAIN/api/v2/users/USER_ID/roles” for each of the users to get his role)
  3. Return list of users to UI

Since I have more than 10 users already (and the limit for this endpoint is 10 requests) I started getting errors.

What is the best way to retrieve those roles without actually calling Management API for each user to get the role? Is there a way I can bind the user roles to the metadata with a rule for instance?

Any feedback will be appreciated.
Thanks,
Lyubomir


Hi @lyubomir.nikov

Thanks for getting in touch with us at Auth0 Community.

You can add the user roles to the app_metadata of a user account via a Post Login Action. The simplest implementation of this would be as below:

// Post Login Action: copy the roles assigned to the logging-in user into app_metadata
exports.onExecutePostLogin = async (event, api) => {
  // event.authorization is not present in every flow, so default to an empty list
  const roles = event.authorization?.roles ?? [];
  api.user.setAppMetadata("roles", roles);
};

You can read a bit more about this here https://auth0.com/docs/manage-users/user-accounts/metadata/manage-user-metadata

I hope this helps.
Warm regards.


Hello @SaqibHussain,

Thanks for your response!

As an admin for the application I would like to get the roles for each of the users registered for the application - therefore I am not interested in obtaining the role on login.

Regards

Hi @lyubomir.nikov

With this Action in place, when a user logs in, their roles will bind to the app_metadata on that user account which is what I think you were trying to achieve. So when you “Get all users” in your point 1, if the app_metadata is also being returned then the roles will also be returned and you won’t need to use “https://AUTH_DOMAIN/api/v2/users/USER_ID/roles”

Tradeoff here though is that you need to wait for all users to login at least once for the app_metadata to populate.

Warm regards.

I have the same issue as @lyubomir.nikov. @SaqibHussain , I think you’re misunderstanding what’s being asked.

Think of an application that provides a user administration view where an admin can come in and assign/unassign roles to users and perform other user management tasks. Naturally, this administration view would show a list of users. Alongside the list of users, we want to show each user’s roles. If this view shows the roles for the displayed users based on what’s in those users’ metadata, it will show out-of-date roles if any of those users have not logged in since the time the admin last changed their roles.

We need a way to get up-to-date roles for a list of users. Because the roles must be up to date, we can’t rely on a post-login action.


Hi @aaron.hardy
Thanks for your feedback.
To get the most up-to-date information you would have to use the Management API https://auth0.com/docs/api/management/v2#!/Users/get_user_roles

If you’re hitting rate limits as @lyubomir.nikov was, then you can handle this in code by inspecting the HTTP response headers, e.g. watch out for x-ratelimit-remaining, and when it nears 0 you may be able to wait until the x-ratelimit-reset time before retrying. We mention this technique here: https://auth0.com/docs/troubleshoot/customer-support/operational-policies/rate-limit-policy#review-http-response-headers

Warm regards.
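An added example of the header-driven back-off described above (it is not code from Auth0 or from anyone in this thread). It assumes Node 18+ with a global fetch, that x-ratelimit-remaining is the number of calls left in the current window and x-ratelimit-reset the Unix time in seconds at which the window resets (as the linked rate-limit policy describes), and that a Retry-After header, if sent, is in seconds. The domain, token and user ids are the caller's; the fetch and sleep functions are injectable so the flow can be exercised without network access.

```javascript
// Added example: a rate-limit-aware wrapper for Management API calls.
// Assumptions (not stated in the thread): Node 18+ with global fetch;
// x-ratelimit-remaining = calls left in the window, x-ratelimit-reset = Unix
// seconds at which it resets; Retry-After, if present, is in seconds.

// Read a numeric header from a Headers object or a plain lowercase-keyed object.
function headerNumber(headers, name) {
  const value = typeof headers.get === 'function' ? headers.get(name) : (headers[name] ?? null);
  return value === null || value === undefined ? NaN : Number(value);
}

// How long (ms) to pause after a response before sending the next request.
// 0 means "send immediately". `nowMs` is injectable so the rule is testable.
function computeDelayMs(status, headers, nowMs = Date.now()) {
  const remaining = headerNumber(headers, 'x-ratelimit-remaining');
  const resetSec = headerNumber(headers, 'x-ratelimit-reset');
  const untilReset = Number.isFinite(resetSec) ? Math.max(0, resetSec * 1000 - nowMs) : 0;

  if (status === 429) {
    // Already over the limit: honour Retry-After if sent, else wait for the
    // reset time, else fall back to a fixed one-second pause.
    const retryAfter = headerNumber(headers, 'retry-after');
    if (Number.isFinite(retryAfter) && retryAfter > 0) return retryAfter * 1000;
    return untilReset > 0 ? untilReset : 1000;
  }
  // Under the limit but about to exhaust it: wait out the window proactively.
  if (Number.isFinite(remaining) && remaining <= 1) return untilReset;
  return 0;
}

// fetch with retry-on-429 and proactive pacing. fetchImpl and sleep are
// injectable so the flow can be tested offline.
async function fetchWithRateLimit(url, init = {}, options = {}) {
  const {
    fetchImpl = fetch,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
    maxRetries = 3,
  } = options;
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(url, init);
    const delay = computeDelayMs(res.status, res.headers);
    if (res.status !== 429) {
      if (delay > 0) await sleep(delay); // this call succeeded; pace the next one
      return res;
    }
    if (attempt >= maxRetries) {
      throw new Error(`still rate limited after ${attempt} retries: ${url}`);
    }
    await sleep(delay);
  }
}

// Per-user role lookup, sequential so the pacing above actually takes effect.
// Returns { userId: [role names] }. userIds are URL-encoded before use.
async function getRolesForUsers(domain, token, userIds, options) {
  const rolesByUser = {};
  for (const userId of userIds) {
    const url = `https://${domain}/api/v2/users/${encodeURIComponent(userId)}/roles`;
    const res = await fetchWithRateLimit(url, { headers: { Authorization: `Bearer ${token}` } }, options);
    if (!res.ok) throw new Error(`HTTP ${res.status} fetching roles for ${userId}`);
    rolesByUser[userId] = (await res.json()).map((role) => role.name);
  }
  return rolesByUser;
}
```

The pacing rule lives in computeDelayMs so it can be unit-tested against header values without any HTTP; the sequential loop in getRolesForUsers is deliberate, since firing all per-user requests in parallel defeats the pacing and is what produces the 429 in the first place.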

In a similar situation creating an alternative admin dashboard.
For anyone still looking for an alternative solution here, I think it’s better if we flip this around.

Instead of trying to get all users and their roles, you can get all roles, and then get all those roles’ members. Combining this with getting all users allows you to do 3 requests instead of n user requests. This also works if you want to get all your users’ organizations. Get all orgs, then get their members.

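An added example of the “flip it around” approach from the post above: one request per role (plus the user list) instead of one per user, with the join done as a pure function over the results. This is not code from Auth0 or from anyone in this thread. It assumes Node 18+ with a global fetch, a Management API token carrying the read:users and read:roles scopes, and that GET /api/v2/roles and GET /api/v2/roles/{id}/users accept page and per_page (up to 100) as the Management API documents; domain and token are the caller's.

```javascript
// Added example: build a user -> roles map from "all roles" plus "members of
// each role", i.e. one request per role instead of one per user.
// Assumptions (not stated in the thread): Node 18+ with global fetch; token has
// read:users and read:roles; the list endpoints accept page/per_page (max 100).

// Pure step: { user_id: [sorted role names] } for every listed user, including
// users that hold no role. Members returned for a role but absent from the user
// list are kept too, so a stale or truncated user list shows up instead of
// being silently dropped.
function joinUsersWithRoles(users, roles, membersByRoleId) {
  const rolesByUser = new Map(users.map((u) => [u.user_id, []]));
  for (const role of roles) {
    for (const member of membersByRoleId[role.id] ?? []) {
      if (!rolesByUser.has(member.user_id)) rolesByUser.set(member.user_id, []);
      rolesByUser.get(member.user_id).push(role.name);
    }
  }
  for (const names of rolesByUser.values()) names.sort();
  return Object.fromEntries(rolesByUser);
}

// Page through a list endpoint until a short page comes back.
// Note: per the Management API docs, page-based listing of /users stops at
// 1,000 results; tenants larger than that need the user export job instead.
async function getAllPages(url, token, fetchImpl = fetch) {
  const PER_PAGE = 100;
  const items = [];
  for (let page = 0; ; page++) {
    const pageUrl = new URL(url);
    pageUrl.searchParams.set('page', String(page));
    pageUrl.searchParams.set('per_page', String(PER_PAGE));
    const res = await fetchImpl(pageUrl.toString(), { headers: { Authorization: `Bearer ${token}` } });
    if (!res.ok) throw new Error(`HTTP ${res.status} from ${pageUrl.pathname}`);
    const batch = await res.json();
    items.push(...batch);
    if (batch.length < PER_PAGE) return items;
  }
}

// Three kinds of request: the user list, the role list, and members per role.
async function getUsersWithRoles(domain, token, fetchImpl = fetch) {
  const base = `https://${domain}/api/v2`;
  const [users, roles] = await Promise.all([
    getAllPages(`${base}/users`, token, fetchImpl),
    getAllPages(`${base}/roles`, token, fetchImpl),
  ]);
  const membersByRoleId = {};
  for (const role of roles) {
    // Roles are few and users are many, so this loop stays small.
    membersByRoleId[role.id] = await getAllPages(
      `${base}/roles/${encodeURIComponent(role.id)}/users`, token, fetchImpl);
  }
  return joinUsersWithRoles(users, roles, membersByRoleId);
}
```

Because the role membership comes straight from the roles endpoints rather than from app_metadata, the result reflects the admin's latest assignments regardless of whether the affected users have logged in since, which was the objection to the Action-based approach earlier in the thread.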


Hi folks!

I just wanted to update this topic: if you want to fetch the members who belong to an organization, you use the endpoint GET /api/v2/organizations/{id}/members

This endpoint will allow you to list organization members. By setting the parameter fields=roles, you’ll retrieve the roles assigned to each listed member.

To use this parameter, you must include the read:organization_member_roles scope in the token.

Thanks
Dawid