Auth0 IdP Automation

Auth0 Rules: Authentication transaction flow

WUSON Practice Field for Wentz Wu (a CISSP test bank) relies on the identity provider, Auth0, for authentication. When a user logs into the system for the first time, the system will create an account on Auth0 automatically. However, a user needs some roles to get access to the test bank.

The New Feature: Actions

Auth0 provides legacy rules and hooks, now replaced by actions, for integrating with the authentication pipeline. Tenants can assign roles to a user automatically through rules and hooks. At first, I used the new “actions” feature, which was released to supersede rules and hooks, to do so.

Auth0 Actions: Post User Registration - Assign Roles to Users
/**
* Handler that will be called during the execution of a PostUserRegistration flow.
*
* @param {Event} event - Details about the context and user that has registered.
*/
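exports.onExecutePostUserRegistration = async (event) => {
  const axios = require('axios').default;

  // Management API endpoint that assigns roles to the newly registered user.
  // The user ID contains characters such as "|", so it is URL-encoded.
  const api =
    'https://{DOMAIN}/api/v2/users/' +
    encodeURIComponent(event.user.user_id) +
    '/roles';

  const options = {
    method: 'POST',
    url: api,
    headers: {
      'content-type': 'application/json',
      // Placeholder: supply the Management API token from the Action's
      // secrets (event.secrets) rather than pasting it into the code.
      authorization: 'Bearer {ACCESS TOKEN}',
      'cache-control': 'no-cache',
    },
    data: {
      roles: ['{ROLE ID}'],
    },
  };

  // Await the request so the handler does not return before it completes.
  try {
    const response = await axios.request(options);
    console.log(response.data);
  } catch (error) {
    // Log only the message: the full axios error object carries the request
    // config, including the Authorization header.
    console.error(error.message);
  }
};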

The Legacy Feature: Hooks

However, I found out the old development user interface for Hooks is cooler than the one for the new Actions feature.

Auth0 Hooks: Post User Registration - Development Console

The Legacy Feature: Rules

It is a pity that both Actions and Hooks apply only to database connections (Auth0 accounts), not to social media connections. They cannot solve my problem, as I need to assign roles to a user when they log in or register an account for the first time. So, I turned to rules:

function setRolesToUser(user, context, callback) {
    const ManagementClient = require('auth0@2.27.0').ManagementClient;
    const management = new ManagementClient({
      token: auth0.accessToken,
      domain: auth0.domain
    });

    // Only assign the role on the first login; later logins skip the API call.
    const count = context.stats && context.stats.loginsCount
                  ? context.stats.loginsCount
                  : 0;
    if (count > 1) {
        return callback(null, user, context);
    }

    const params = { id: user.user_id };
    const data = { "roles": ["{ROLE ID}"] };
    // The callback takes only `err`, so the outer `user` is not shadowed and
    // the original profile is what gets passed on to the pipeline.
    management.users.assignRoles(params, data, function (err) {
      if (err) { console.log(err); }
      callback(null, user, context);
    });
}

The rule, setRolesToUser, works fine. I hope Auth0 can provide full-function actions soon.
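The rule gates on the login count and lets the login continue when `assignRoles` fails, so a failed first attempt is never retried. The following is an added example, not code from the original post, that replays logins through the same logic offline and compares that gate with one keyed on a marker. `makeRule`, the two gate functions, `fakeManagement`, `simulateLogins`, `ROLE_ID` and the `default_role_assigned` flag are hypothetical names, and the stub imitates only the `assignRoles(params, data, callback)` call shape used in the rule.

```javascript
const ROLE_ID = 'rol_EXAMPLE'; // constructed placeholder, not a real role ID

// A gate returns true when the role still has to be assigned.
const gateByLoginCount = (user, context) =>
  !((context.stats && context.stats.loginsCount) > 1); // the rule's own test
const gateByMarker = (user) =>
  !(user.app_metadata && user.app_metadata.default_role_assigned); // hypothetical flag

function makeRule(management, gate) {
  return function setRolesToUser(user, context, callback) {
    if (!gate(user, context)) return callback(null, user, context);
    const params = { id: user.user_id };
    management.users.assignRoles(params, { roles: [ROLE_ID] }, (err) => {
      if (err) {
        console.log('assignRoles failed:', err.message); // login still proceeds
      } else {
        // Kept in memory here; a real tenant would have to persist this flag.
        user.app_metadata = { ...user.app_metadata, default_role_assigned: true };
      }
      callback(null, user, context);
    });
  };
}

// Stub with the assignRoles(params, data, cb) call shape; the first `failures` calls fail.
function fakeManagement(failures) {
  const state = { roles: {}, calls: 0 };
  state.users = {
    assignRoles(params, data, cb) {
      state.calls += 1;
      if (state.calls <= failures) return cb(new Error('simulated API error'));
      state.roles[params.id] = data.roles.slice();
      cb(null);
    },
  };
  return state;
}

// Replay `logins` consecutive logins of one constructed user through the rule.
function simulateLogins(gate, failures, logins) {
  const management = fakeManagement(failures);
  const rule = makeRule(management, gate);
  const user = { user_id: 'auth0|constructed-user' };
  for (let n = 1; n <= logins; n += 1) {
    rule(user, { stats: { loginsCount: n } }, () => {});
  }
  return { roles: management.roles[user.user_id] || [], calls: management.calls };
}
```

With one simulated failure, `simulateLogins(gateByLoginCount, 1, 3)` ends with no role after a single attempt, while `simulateLogins(gateByMarker, 1, 3)` retries on the second login and ends with the role assigned.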
