Replace auth0-authorization-extension rule with an action

[philippsteinberg]

At the moment the extension uses a rule to add the groups, roles and permissions to the user.
The rule is automaticly installed when adding the extension and part of this repo
https:/auth0/auth0-authorization-extension/blob/master/server/lib/rules/authorize.js

Since rules are deprecated this extenstion will no longer work out of the box after Nov 18, 2024
Is it planned to replace the rule with an action?

[RDP07]

Any answer here or date of when an answer might be coming for this?

[entropic489]

In the documentation for converting Rules to Actions, there's a limitation that directly affects this: https://auth0.com/docs/customize/actions/migrate/migrate-from-rules-to-actions#understand-limitations

Rules can add properties to the User object that then gets passed to subsequent Rules. Actions cannot do this.

[entropic489]

Got a workaround: you can use an Action to set a custom claim. User groups from Authorization Extension are synced to event.user.app_metadata.authorization.groups.

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://test-namespace.com"
  const groups = event.user.app_metadata.authorization.groups;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim('${namespace}/groups', groups);
  }
};

Just can't override the reserved groups claim.

[simmerkaer]

That's cool and all, but what happens after November 18th, when the AuthorizationExtension rule no longer works and thus will not be setting the app_metadata values?

[hibiitt]

Hello, is there any information on this? I would like an answer to the last question from @simmerkaer.

[HirenPatel2791]

+1

[fujifilm-alinea]

+1

[mikvas-paf]

+1

[fsevilla06]

+1

[AndreaLandiArk]

+1

[hefnat]

+1

[AndreaLandiArk]

Got a workaround: you can use an Action to set a custom claim. User groups from Authorization Extension are synced to event.user.app_metadata.authorization.groups.

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://test-namespace.com"
  const groups = event.user.app_metadata.authorization.groups;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim('${namespace}/groups', groups);
  }
};

Just can't override the reserved groups claim.

I also resolved this way

[hefnat]

Got a workaround: you can use an Action to set a custom claim. User groups from Authorization Extension are synced to event.user.app_metadata.authorization.groups.

exports.onExecutePostLogin = async (event, api) => {
  const namespace = "https://test-namespace.com"
  const groups = event.user.app_metadata.authorization.groups;

  if (event.authorization) {
    // Set claims 
    api.idToken.setCustomClaim('${namespace}/groups', groups);
  }
};

Just can't override the reserved groups claim.

I also resolved this way

Since this is making use of the app_metadata field, I'm concerned it will stop working after EOL of Rules

[alphonsoTheGreat]

+1

[tomerblecher]

+1

[ichalyk]

+1

[ahmedrage]

It is pretty concerning that we haven't gotten an answer to this since April. Will this extension stop functioning on Nov 18? Do we need to migrate to the core authorization features?