Tired of adding Roles to every new User, who wants to access your particular service, manually by logging into auth0. And giving it permission to access the service by attaching the Roles to it. And are you looking for a better approach to it. Like a Role automatically getting attached to all the valid users of a particular organisation as soon as they login. Then you are at the right place. In this blog I will be explaining you how you can achieve the same using Auth pipelines Rules.
Make sure to have a User and a Role created :
It is very simple to create a User and a Role in Auth0. And for your reference I have attached the link to my blog in which I have explained it in detail, on how to create a User and a Role in Auth0. After you have created a user you can scroll through a bunch of sections available. Navigate to the Details section, to the Permissions section and to the Roles section.
Ans as you can see currently no Roles are assigned to the user, which will automatically be assigned after the Rule that we will write gets executed.
Similarly, we have a Role created with the name Test-Role. This role has currently only one Permission and is using API named Demo-API which is our custom API that we have created for this demonstration purpose only. Currently no user is assigned to this Role.
Now lets move to the main topic of the blog i.e. Rules.
Creating an Auth Pipeline Rule :
Before creating our first Rule, lets first discuss what actually a Rule is. Rules are nothing but code snippets written in javascript that run on auth0 servers. We can customised them based on our requirements.
Consider it as a function that passes three parameters. The first parameter is user object as it come from the identity provider, the second parameter is the context object that contains the information about the current login attempt (from which device the log in made, which application a user is trying to login), and the last is the callback function that must be called within the rule to indicate either success or error. Auth0 provides simple way to customise the login process with the feature we call Rules.
To create a new Rule, Click the create Rule button. Which will take to the page where we will find options that we can use and customised according to our need in order to create a Rule. We can either pick an empty rule allowing us to build a rule from scratch or can choose from existing templates.
Lets pick empty rule for our demonstration as we will be writing our customised rule.
This template has an if condition attached to it which checks if the user is a valid user by checking its email endpoint, then has a function assigned to variable assignRoletoUser which is taking the logged-in user User-id and a role-id of the Role we want to attach and is assigning that Role to that particular User. We can give here a list of Roles in array format, all will get attached in the same way. Also at the end, a try-catch function for catching any errors in case it occurs.
Role getting automatically attached :
Now, when I tried login to the service this time, I can see I have access to the permissions that are mentioned in my Role. And looking at the Auth0 User we can find Role getting attached to this particular user dynamically without me doing any thing. Even if i delete this Role it will get attached again when i will log in again.
In this way you have ease your effort to attaching Role to every new User from your organisation.
References :
Link : https://auth0.com/blog/introducing-auth0-hooks/
Link to my blog on how to create an API, a User and a Role: https://blog.knoldus.com/creating-auth0-api-user-role/
