-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding user_metadata #223
Comments
The user profile is only updated on logins, You might need to refresh it after updating the user profile. This is the way the plugin stores the user info in the user_meta, https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_UsersRepo.php#L165-L170 you should do the same with the new profile
Yes, check the user meta for that user,
ok I will check |
Hi Glena, Thanks for getting back. The only way I can see how to get user_metadata from Auth0 is to save the users access_token at login, then use that to request the user_metadata from Auth0 on subsequent requests. Is this the right way to go about it? My desired setup would be:
|
Yes you are right, but not the access_token, the id_token. about your setup, this will only happen if the user is not logged into website 2 so when the user accesses there it will update the user profile. If the user is already logged in site 2, the profile will not be updated. In this case, you will need to build some api to call in the other site each time you change something on the profile to get it synchronised. |
Can data not be stored globally for the user rather than an individual login? |
sorry didnt understand what you meant |
Maybe I'm thinking about it wrong, but if a user stores something transient such as a shopping list to their user_metadata, how can that shopping list be shown on other applications without the user needing to re-authenticate? Is there a way to invalidate a JWT and force other applications to refresh on load? Additionally, my main reason for choosing Auth0 is so user information isn't stored on our servers, however the plugin creates a user account via wp_insert_user. If we have many applications with SSO, this means we encounter duplicate user accounts. |
No. It is not an issue related to auth0 but how to synchronise your data between your apps. In this scenario Auth0 is just a data store and you will need to define how do you want to deal with this. Posible approaches:
For the latest, I will need to do a couple of changes to give you the refresh token in to the user login action (https://github.com/auth0/wp-auth0#user-login-action) so you can do the rest (check if the token expires, fetch a new one and update the user profile). |
Thanks Glena. I think I've found a solution to this, but would like your input on one thing:
Where I'm getting confused, is how do I send the profile back to client1.com from master? Is it safe to redirect to client1.com with the access token obtained from master? e.g.: wp_redirect('client1.com/#access_token=...'); Is this a typical scenario? |
Sounds like a little bit over-engineered (very complex scenario to maintain and very error prune). I would go by finding a way to notify other apps that the user profile had changed as I said before (first proposal) or avoid storing the profile and fetch it from auth0 (second proposal, you can cache this to avoid calling on every page request) |
I think you're right in terms of over-engineered. Do you think the following solution would work better in your mind?
This way all of our data is in sync. We just make API calls to the master if we want to store / retrieve user data that needs to be globally available (across apps, other websites etc) So just to clarify, what should actually go in auth0 user_metadata? Do you think it's best to avoid this field at all costs? I should be able to achieve this setup using the WP REST API (to create the user account) and the Auth0 WP plugin. |
Yes, this might be better |
@drewsymo did you ever get this working? |
Hi guys,
I'm looking at a way to add user_metadata to a given user, currently I have:
This works, however, the user_metadata only refreshes when a user logs out and logs back in.
Secondly, I can't find a way to find the Auth0 user ID based from the WordPress user ID. So we have to use the current user each time, which could become problematic if you're trying to update someone else's profile.
I've tried using the Auth0 Edit Profile Widget, however it seems to throw a React error and I'm not sure what the user_token would be.
Thirdly, the get_auth0currentuserinfo() func always returns false. Not sure why this is, as get_auth0currentuser() seems to work fine.
So TL;DR
The text was updated successfully, but these errors were encountered: