Search⌘ K
Home
Courses
Control Access to Your Applications Using Auth0 API in JavaScript

Assigning Users to Roles and Getting a Role’s Users

Learn how to assign a role to a user and get all the users assigned to the role.

We'll cover the following...

In this lesson, we'll see how we can assign users to a role and get a list of our role's users by using an API call. We'll use the https://{{DOMAIN}}/api/v2/roles/{id}/users endpoint to achieve these tasks. Assigning a role to a user is a POST request, while getting a role’s users is a GET request.

Assigning roles and getting a role’s users
Assigning roles and getting a role’s users

Assigning users to a role

After creating both users and roles, it’s time for us to assign these roles to a particular user by using the /api/v2/roles/{id}/users endpoint of Auth0. This endpoint requires our access token to have update:roles and create:role_members scope.

Request parameters

In this section, we'll see which parameters are required to assign a role to a user; because this is a POST request, we have a list of parameters that can be passed as body parameters. Let's have a look at the table below:

Parameter Name

Type

Category

Description

id

String

Required

Defines the ID of the role that will be assigned to a user.

users

Array

Required

Defines the user ID of the users who will be assigned a role.

The following code will assign a user to a role. Click the “Run” button to execute the code.

Javascript (babel-node)
// Importing libraries here
const fetch = require('node-fetch');
const endpointUrl = new URL('https://{{DOMAIN}}/api/v2/roles/{{ROLE_ID}}/users');
const headerParameters = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{ACCESS_TOKEN}}',
}
const bodyParameters = JSON.stringify({
  "users": [
    "{{USER_ID}}"
  ]
});
const options = {
  method: 'POST',
  headers: headerParameters,
  body: bodyParameters,
};
async function createClient() {
  try {
    const response = await fetch(endpointUrl, options);
    printResponse(response.status);
  } catch (error) {
    printError(error);
  }
}
createClient();

Let's look at the highlighted lines from the code shown above:

  • Line 4: We define the endpoint URL in which we passed the role ID as a path parameter to assign a role to a user.

  • Lines 6–9: We define the headerParameters object, which tells the API call about the type of data we are sending and the access token.

  • Lines 11–15: We define the bodyParameters object. We define the users parameter in which we pass the user's IDs, which will be assigned a specific role.

  • Line 32: We invoke the createClient function.

Response fields

In case of successful execution of the code, it will return 200 status code as a response.

Getting a role’s users

To get the information of all the users who have been assigned a specific role, we can send a GET request, which will return all the meta-data of all the users.

Request parameters

We have to send the ID of a role as a path parameter to list all the users specific to a particular role. In the following code widget, we get a role's users. Click the “Run” button to execute the code.

Javascript (babel-node)
// Importing libraries here
const fetch = require('node-fetch');
const endpointUrl = new URL('https://{{DOMAIN}}/api/v2/roles/{{ROLE_ID}}/users');
const headerParameters = {
  'Content-Type': 'application/json',
  'Authorization': 'Bearer {{ACCESS_TOKEN}}',
}
const options = {
  method: 'GET',
  headers: headerParameters,
};
async function getAllRoleUsers() {
  try {
    const response = await fetch(endpointUrl, options);
    printResponse(response);
  } catch (error) {
    printError(error);
  }
}
getAllRoleUsers();

Let's look at the highlighted lines from the code shown above:

  • Line 4: We define the endpoint URL to filter all the role users.

  • Line 18: We make a GET request using the fetch function.

  • Line 25: We invoke the getAllRoleUsers function.

Response fields

The successful execution of the above code will list all the role users and return metadata. Some of the important response fields are as follows.

Name

Description

user_id

Contains the user's ID.

email

Contains the user's email.

multifactor

Contains the users enrolled in the multifactor authentication.

last_login

Contains the user's last login details.

last_ip

Contains the user's last login IP address.