Open nandanrao opened 3 years ago
@nandanrao for a first pass are we okay adding an organisation ID to the Auth0 metadata that will be added to the claims:

```json
{
  "org_id": "1234"
}
```

Right, so adding the above to the `user_metadata`, and using an Auth0 action:
```javascript
/**
 * Handler that will be called during the execution of a PostLogin flow.
 *
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://vlab.digital';
  // Guard against users with no user_metadata yet, so destructuring does not throw
  const { org_id } = event.user.user_metadata || {};
  if (event.authorization) {
    // Set claims on both tokens under the namespaced key
    api.idToken.setCustomClaim(`${namespace}/org_id`, org_id);
    api.accessToken.setCustomClaim(`${namespace}/org_id`, org_id);
  }
};
```
Allows us to set the custom claims to the below:

```json
{
  "https://vlab.digital/org_id": "1234",
  "iss": "https://vlab-dev.us.auth0.com/",
  "sub": "auth0|6412f8baa95e852045477d6e",
  "aud": [
    "https://api-dev.vlab/",
    "https://vlab-dev.us.auth0.com/userinfo"
  ],
  "iat": 1679582016,
  "exp": 1679668416,
  "azp": "WZLSHAwHmqsgTDwA43MNuYcd1nQxyJTx",
  "scope": "openid profile email"
}
```
I've added this to the demo account we use so far in order to continue testing.
We decided instead to go with the frontend getting an organisation ID and passing it to the backend. So we added an organisation table with various columns being added. The frontend makes a call to the backend on login to "Get or Create" a user (see this PR: https://github.com/vlab-research/vlab/pull/173). This will return a user with the following structure:

```json
{
  "data": {
    "id": "auth0|6412f8baa95e852045477d6e",
    "orgs": [
      {
        "id": "90840745-4996-42bb-aa42-05a41936e6e0",
        "name": ""
      }
    ]
  }
}
```
Note a user can be part of multiple organisations.
We will need to add this functionality to the frontend so a user can choose what organisation to view as, as well as attaching the organisation to each request (possibly as a custom header?).
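As an added example (not code from the vlab project or from this thread): a backend-side check for the per-request organisation described above. It assumes the frontend sends the chosen organisation in an `X-Org-Id` header (the header name is an assumption, since the thread only says "possibly a custom header"), takes the membership list from the "Get or Create" user response shape shown above, and accepts the namespaced claim from the Auth0 action as a fallback.

```javascript
// Added example, not vlab project code. Assumptions: the frontend sends the
// chosen organisation in an "X-Org-Id" header, and memberships come from the
// "Get or Create" response shape shown in the thread.
const NAMESPACE = 'https://vlab.digital';        // namespace used by the Auth0 action
const ORG_HEADER = 'x-org-id';                    // assumed header name

// Constructed sample in the shape of the "Get or Create" user response.
const SAMPLE_USER = {
  id: 'auth0|6412f8baa95e852045477d6e',
  orgs: [
    { id: '90840745-4996-42bb-aa42-05a41936e6e0', name: '' },
    { id: '11111111-2222-4333-8444-555555555555', name: 'second team' }, // constructed
  ],
};

// Lower-case header names, as Node's http module does, so lookups are case-insensitive.
function normaliseHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]),
  );
}

// Decide which organisation a request acts on. The header (or token claim) is
// only a selection made by the client; the server still checks that the
// authenticated user is a member before trusting it, otherwise any caller
// could read another organisation's data just by editing the header.
// Returns { ok: true, orgId } or { ok: false, status, reason }.
function resolveRequestOrg(headers, user, claims = {}) {
  const h = normaliseHeaders(headers);
  const requested = h[ORG_HEADER] || claims[`${NAMESPACE}/org_id`];
  if (!requested) {
    // No explicit choice: only safe to default when there is exactly one membership.
    if (user.orgs.length === 1) return { ok: true, orgId: user.orgs[0].id };
    return { ok: false, status: 400, reason: 'organisation not specified' };
  }
  const isMember = user.orgs.some((org) => org.id === requested);
  if (!isMember) {
    // Deny rather than silently fall back to a default org: a mismatch is
    // either a bug or a probe, and both are worth surfacing in logs.
    return { ok: false, status: 403, reason: 'user is not a member of that organisation' };
  }
  return { ok: true, orgId: requested };
}
```

The membership list should come from the backend's own record of the user (the same data that backs the "Get or Create" response), never from anything the client sends alongside the header.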
Ideally individual users belong to "teams" who create studies/etc. Thus, they don't need to share login information.
This probably has 2 stages:
A) A user can belong to a team and only one team; a default team is created for the user when they join, but they can rename that team and can invite others.
B) Users can belong to multiple teams.
User Stories (stage A)
User Stories (stage B)