Search code examples
auth0openid-connect

How to get the user_id field in Auth0 Hooks?

I'm trying out some of the new Hooks features in Auth0, specifically the post-registration hook. I was hoping to use the user_id profile field, i.e. provider|id as mentioned here so we could create a user record on our application side. We would assign UUIDs to our users, but each would have a unique key from Auth0.

A sample of the hook looks like this - I am exporting the entire set of data available to me:

module.exports = function (user, context, cb) {
  var request = require('request');
  request({
    method: 'POST', 
    url: 'https://requestb.in/1ejaxvz1',
    body: {
     "id": user.id,
     "user": user,
     "context": context
    },
    json: true
  },
  function(error, response, body) { 
    console.log(user);
    console.log(context);
    cb(error, response) 
  });
};

However, while this gives me the user's base ID, it does not appear that information about the full user_id or anything about the provider is available to the hook. In other words, rather than giving me the full id that looks like provider|12345678, I only get the 12345678. When I get the jwt from Auth0, the sub value is returned as provider|12345678.

So my question has 2 parts: 1) Is this full user ID intentionally left out of hooks for a reason or is this a design oversight? This feature is still in beta at the time of writing this.

2) Without the full user ID provider|12345678 I can't do an exact match on the sub value in the jwt. But, I could attempt to partial-match by dropping the provider. I'm not clear on whether this is a valid practice though. I suspect it's not, but this is tricky to test.

Solution

  • Post-registration hook is only run on Database signups and the user_id format will always be prefixed with auth0| when entered into the Database. This might change in the future however.

    1) Is this full user ID intentionally left out of hooks for a reason or is this a design oversight? This feature is still in beta at the time of writing this.

    This would be by design but I do agree that the better approach would be to expose the full user_id in hooks including the provider as well.

    2) Without the full user ID provider|12345678 I can't do an exact match on the sub value in the jwt. But, I could attempt to partial-match by dropping the provider. I'm not clear on whether this is a valid practice though. I suspect it's not, but this is tricky to test.

    Yes, you would have to prefix the user_id with auth0| to get the exact match. Again this is not the best practice but Hooks is still beta.