Auth0 roles are not showing

I followed the helpful tutorial on how to setup fauna with Auth0
In part 2 it shows how to add the role into the idToken but for some reason in the rule it comes empty when I try to fetch from the authorization roles.

context.authorization.roles

As a workaround I am fetching from the user app_metadata but that isn’t ideal because I have to manually update the app_metadata for each user and it can get out of sync with the real Auth0 roles.
Any idea on what might I be missing?
Other than that everything works well. Upon login the user gets the auth token which it is used to fetch successfully on Fauna GraphQL’s API.

Hi @vasco3,

Just to be clear, are you not seeing the roles in the Auth0 configuration, or somewhere else? Can you share a screenshot of the Roles and Rules pages in your Auth0 config (be sure to obfuscate any sensitive information)? Also, can you share the steps you’re taking to access context.authorization.roles? It’s not clear if you’re seeing an error in your application or somewhere else; we want to make sure we have a full understanding of what you’re seeing and where the problem might be.

Thanks,
Cory

this is how I’m doing it in an Action

this happens on the postLogin in my app. The user logs in and the NextJs app calls a /api/auth/user which fetches the user data from auth0 (including the app_metadata).
That’s when I see that the app_metadata isn’t filled in. I also tried it by debugging an auth0 rule and it would be the same issue.

Ah, I see where the disconnect is now. Actions and Rules in Auth0 aren’t quite the same thing. The tutorial covers using Rules, not Actions. So using those instructions with a different mechanism isn’t guaranteed to work. This post in the Auth0 forums does a succinct job of explaining the difference.

I recommend going back to the tutorial and setting a Rule, not an Action; be sure that it includes the context.accessToken element as that is how Auth0 will know which roles to apply based on the token being sent by Fauna.

function setRolesToUser(user, context, callback) {
  context.accessToken['https:/db.fauna.com/roles'] = context.authorization.roles;
  return callback(null, user, context);
}

It’s been a while since I’ve done any heavy lifting with Auth0 so I’m not sure how you’d do the same thing with Actions. That might be a better question for an Auth0 forum, as it’s not something specific to Fauna.

1 Like

Thanks Cory. I tried with both the rules and the actions but got the same result. I will ask in auth0 forum although they seem to have longer response times than here.

Please let us know what you find out, I’ll be curious if this is something we should update in the tutorial. If the steps are out of date we’ll want to fix that.

1 Like

Auth0 thinks it is a bug on their side and it’s on the backlog
https://community.auth0.com/t/re-in-action-post-login-event-authorization-roles-is-empty/71304/7