Auth0 post-login action

post-login.ts

const sendUserTo = 'http://localhost:3000/account/registration';
const successUrl = 'http://localhost:3000/account';

exports.onExecutePostLogin = async (event, api) => {
  console.log(event);
  // If the user has accepted the terms already, we don't need to do anything else
  if (event.user.app_metadata.terms_and_conditions_accepted) return;

  // Redirect the user to the full registration page
  const sessionToken = api.redirect.encodeToken({
    secret: event.secrets.MY_SHARED_SECRET,
    payload: {
      iss: `https://${event.request.hostname}/`,
      sub: event.client.client_id,
    },
  });

  api.redirect.sendUserTo(sendUserTo, {
    query: {
      session_token: sessionToken,
      redirect_uri: `https://${event.request.hostname}/continue`
    },
  });
};

// Handler that will be invoked when this action is resuming after an external redirect. If your
// onExecutePostLogin function does not perform a redirect, this function can be safely ignored.

exports.onContinuePostLogin = async (event, api) => {
   const payload = api.redirect.validateToken({
    secret: event.secrets.MY_SHARED_SECRET,
    tokenParameterName: 'token',
  });
  api.user.setUserMetadata('first_name', payload['https://wellcomecollection.org/first_name']);
  api.user.setUserMetadata('last_name', payload['https://wellcomecollection.org/last_name']);
  api.user.setAppMetadata('terms_and_conditions_accepted', payload['https://wellcomecollection.org/terms_agreed']);
  api.redirect.sendUserTo(successUrl, {query: {success: 'true'}})

};