For our church, we wanted users to be able to log in to Rock with either passwordless authentication or Google Social.

We decided on the Auth0 integration published in the Hero Guide as our choice for the solution.

Setting it up was simple when following the instructions; however, we noticed that when logging in through Auth0, Rock created a new user instead of associating the login with an existing user.

We saw that a unique AUTH0_email|XXXXXXXXXXX ID would be associated with the new user's account.


To resolve this, we configured a "post user registration" action in the Auth0 dashboard under "Actions" -> "flows" -> "post user registration".





In the action's Node.js code, we put a very simple HTTPS call to an AWS Lambda function running Python (my language of choice), which makes some API calls to Rock:

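/** @type {PostUserRegistrationAction} */
module.exports = async (event, context) => {
  const https = require('https');
  // Forward the whole registration event to the Lambda as JSON.
  const data = JSON.stringify(event);
  const options = {
    hostname: "xxxxxxxx.execute-api.us-east-1.amazonaws.com",
    port: 443,
    path: '/default/RockAssociateUser',
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Content-Length': Buffer.byteLength(data),
    },
  };
  // Wait for the response so the action does not return before the request has been sent.
  await new Promise((resolve) => {
    const req = https.request(options, (res) => {
      console.log(`statusCode: ${res.statusCode}`);
      res.on('data', (d) => {
        process.stdout.write(d);
      });
      res.on('end', resolve);
    });
    req.on('error', (error) => {
      // Log the failure but do not block the registration.
      console.error(error);
      resolve();
    });
    req.write(data);
    req.end();
  });
  return {};
};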

Inside the AWS Lambda job, we have the following Python function:

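import json
from urllib.parse import quote

import boto3
import requests

sns = boto3.client('sns')
auth_key = "XXXXXXXXXX"  # Rock REST API key
baseurl = "https://rockdev.somechurch.com/api/"
headers = {"authorization-token": auth_key, "Content-Type": "application/json"}


def lambda_handler(event, context):
    data = json.loads(event["body"])
    print(data)
    email = data["user"]["email"]
    auth0ID = "AUTH0_email|" + data["user"]["id"]
    userID = findPerson(email)
    # No matching person: leave the account Rock created on its own.
    if userID is not None:
        updateAuth(userID, auth0ID)
    #sns.publish(TopicArn=sns_topic, Message=json.dumps(event["body"]))
    return {
        'statusCode': 200,
        'body': json.dumps("Completed")
    }


def findPerson(email):
    # Double any single quote and URL-encode the filter so the address
    # cannot alter the OData query.
    odata_filter = quote("Email eq '" + email.replace("'", "''") + "'")
    r = requests.get(baseurl + "People?$filter=" + odata_filter + "&$select=Id", headers=headers)
    r = r.json()
    # Take the first match; None when no person has this email.
    return r[0]["Id"] if r else None


def updateAuth(userID, auth0ID):
    # Create a UserLogin tying the Auth0 ID to the person.
    # EntityTypeId 665 is the value used on this Rock instance.
    data = {"EntityTypeId": 665, "UserName": auth0ID, "IsConfirmed": "true", "PersonId": int(userID)}
    data = json.dumps(data)
    r = requests.post(baseurl + "UserLogins", data=data, headers=headers)
    r = r.json()
    print(r)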

The Python code has 3 functions

findPerson

This function locates the ID of the Rock user based on their email address (retrieves the earliest record created).

updateAuth

This function creates a userLogin with the Auth0 ID so that the Auth0 account is properly associated with the user.


If a user's email is not present in Rock, a new account will be created. Also, if there are multiple accounts with the same email, it will pick the first one it finds, so you need to stay on top of merging duplicate records.
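A hardened version of the linking decision, as an added example that is not part of the original post. It assumes the Auth0 action signs the request body with a shared secret sent in a hypothetical X-Signature header and that the event's user object carries email_verified; unlike the code above, it declines to link when zero or several people match.

```python
import hashlib
import hmac
import json
from urllib.parse import quote

# Assumption: a secret known only to the Auth0 action and this Lambda; the action
# sends HMAC-SHA256(secret, raw body) as hex in a hypothetical X-Signature header.
SHARED_SECRET = b"constructed-demo-secret"


def signature_ok(raw_body: str, header_value: str) -> bool:
    """Constant-time check that the caller knows the shared secret."""
    expected = hmac.new(SHARED_SECRET, raw_body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (header_value or "").encode())


def email_filter(email: str) -> str:
    """OData query for an exact email match; quotes are doubled, then URL-encoded."""
    literal = "'" + email.replace("'", "''") + "'"
    return "People?$filter=" + quote("Email eq " + literal, safe="") + "&$select=Id"


def link_decision(event: dict, matches: list) -> tuple:
    """Return (action, detail) without calling Rock, so the policy is testable.

    `matches` is the JSON list Rock returned for email_filter(); the caller
    performs the HTTP request and, on ("link", person_id), the UserLogins POST.
    """
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    raw = event.get("body") or ""
    if not signature_ok(raw, headers.get("x-signature", "")):
        return ("reject", "bad signature")
    user = json.loads(raw).get("user", {})
    if not user.get("email") or user.get("email_verified") is not True:
        return ("skip", "email not verified")
    if len(matches) != 1:
        return ("skip", f"{len(matches)} matching people")
    return ("link", matches[0]["Id"])
```

Without the signature check, anyone who can reach the API Gateway URL could attach a login to any Rock person by email address; the ambiguity check keeps duplicate records from deciding which person receives the login.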

I hope someone finds this helpful.