auth0-authorization-extension icon indicating copy to clipboard operation
auth0-authorization-extension copied to clipboard

Published 20 hours ago verified publisher icon auth0

Replace auth0-authorization-extension rule with an action

Open philippsteinberg opened this issue 1 year ago • 20 comments

At the moment the extension uses a rule to add the groups, roles and permissions to the user. The rule is automaticly installed when adding the extension and part of this repo https://github.com/auth0/auth0-authorization-extension/blob/master/server/lib/rules/authorize.js

Since rules are deprecated this extenstion will no longer work out of the box after Nov 18, 2024 Is it planned to replace the rule with an action?

philippsteinberg avatar Apr 12 '24 13:04 philippsteinberg

Any answer here or date of when an answer might be coming for this?

RDP07 avatar Jun 10 '24 21:06 RDP07

In the documentation for converting Rules to Actions, there's a limitation that directly affects this: https://auth0.com/docs/customize/actions/migrate/migrate-from-rules-to-actions#understand-limitations

Rules can add properties to the User object that then gets passed to subsequent Rules. Actions cannot do this.

entropic489 avatar Jul 15 '24 21:07 entropic489

Got a workaround: you can use an Action to set a custom claim. User groups from Authorization Extension are synced to event.user.app_metadata.authorization.groups.

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://test-namespace.com"
  const groups = event.user.app_metadata.authorization.groups;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim('${namespace}/groups', groups);
  }
};

Just can't override the reserved groups claim.

entropic489 avatar Jul 16 '24 16:07 entropic489

That's cool and all, but what happens after November 18th, when the AuthorizationExtension rule no longer works and thus will not be setting the app_metadata values?

simmerkaer avatar Jul 30 '24 10:07 simmerkaer

Hello, is there any information on this? I would like an answer to the last question from @simmerkaer.

hibiitt avatar Aug 29 '24 09:08 hibiitt

+1

HirenPatel2791 avatar Aug 30 '24 16:08 HirenPatel2791

+1

fujifilm-alinea avatar Sep 03 '24 15:09 fujifilm-alinea

+1

mikvas-paf avatar Sep 12 '24 08:09 mikvas-paf

+1

fsevilla06 avatar Sep 18 '24 18:09 fsevilla06

+1

AndreaLandiArk avatar Sep 24 '24 15:09 AndreaLandiArk

+1

hefnat avatar Oct 04 '24 06:10 hefnat

Got a workaround: you can use an Action to set a custom claim. User groups from Authorization Extension are synced to event.user.app_metadata.authorization.groups.

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://test-namespace.com"
  const groups = event.user.app_metadata.authorization.groups;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim('${namespace}/groups', groups);
  }
};

Just can't override the reserved groups claim.

I also resolved this way

AndreaLandiArk avatar Oct 04 '24 07:10 AndreaLandiArk

Got a workaround: you can use an Action to set a custom claim. User groups from Authorization Extension are synced to event.user.app_metadata.authorization.groups.

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://test-namespace.com"
  const groups = event.user.app_metadata.authorization.groups;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim('${namespace}/groups', groups);
  }
};

Just can't override the reserved groups claim.

I also resolved this way

Since this is making use of the app_metadata field, I'm concerned it will stop working after EOL of Rules

hefnat avatar Oct 04 '24 08:10 hefnat