# prisma-whats-new
- m
monkeybonkey
11/16/2016, 8:56 PMalso for the user authentication scenario is there a way I can do a user upsert in one graphql call.. or do some sort of if condition so that I create user if it doesn’t exist and call signin again? - m
monkeybonkey
11/16/2016, 8:56 PMbecause when I use auth0 lock, I get a user token but don’t know if its an existing user or not - m
monkeybonkey
11/16/2016, 8:57 PMI suppose I can try signing in first - then look for a non exiting user error (is it code 3022?) and then do a create mutation then a signin mutation again - m
monkeybonkey
11/16/2016, 8:57 PMbut wondering if there’s a shorter or more reliable way of doing it - s
schickling
11/16/2016, 8:58 PMThere is @monkeybonkey! We'll release a new way of doing this over the next few days! - m
monkeybonkey
11/16/2016, 8:58 PMok, I’ll wait to implement then - m
monkeybonkey
11/17/2016, 1:49 PMcalling the createUser mutation with auth0, how do I pass along additional required fields that I set on my user model? - m
monkeybonkey
11/17/2016, 1:50 PMCopy codecreateUser(authProvider: { auth0: { idToken: $idToken }}, email: $email, username: $username) { id } - m
monkeybonkey
11/17/2016, 1:50 PMdo I send it as part of the authProvider object? - n
nilan
11/17/2016, 1:50 PMno, you send it as separate parameters - n
nilan
11/17/2016, 1:51 PMdo you use Apollo? - m
monkeybonkey
11/17/2016, 1:51 PMyeah - n
nilan
11/17/2016, 1:52 PMI am currently working on a detailed example, also with the situation that we have to set additional required fields with
simple smilecreateUser - n
nilan
11/17/2016, 1:52 PMwill be ready today. I am also using Apollo 👍 - m
monkeybonkey
11/17/2016, 1:52 PMI sent it as the above query as a seperate parameters but it gave me a permission error - n
nilan
11/17/2016, 1:52 PMdo you have a permission for
onEVERYONE
?createUser - m
monkeybonkey
11/17/2016, 1:53 PMit’s got no permissions set on it so it would be the default - m
monkeybonkey
11/17/2016, 1:53 PMI’ll set it to everyone and see what happens - n
nilan
11/17/2016, 1:53 PMwell, a request is permitted if a permission is found whose parameters this request fulfills - m
monkeybonkey
11/17/2016, 1:53 PMI’m also toying with the idea of using an auth0 rule to create users on signup - n
nilan
11/17/2016, 1:53 PMif you have no permissions, we cannot grant the request permission simple smile - m
monkeybonkey
11/17/2016, 1:54 PMand have the backend do it rather than the client.. auth0 would have to call an http endpoint but not sure how to get the auth0 token from the rules context that they have... - m
monkeybonkey
11/17/2016, 2:00 PM@nilan setting the permissions worked… for some reason it makes me a bit nervous to allow everyone to create - but I guess that’s the right permissions for a registration from a client use case - n
nilan
11/17/2016, 2:01 PMyes, it feels weird, but it's perfectly fine simple smile we definitely should allow users to sign up, right simple smile - m
monkeybonkey
11/17/2016, 2:42 PMis there a way I can create a user and set the auth0UserId directly without using a token? - m
monkeybonkey
11/17/2016, 2:43 PMIf I move the createUser from the client code to the server by using an auth0 “rule” server side trigger, I can post to graph cool auth0userid with an admin permanent token - m
monkeybonkey
11/17/2016, 2:44 PMHowever, I don’t think the auth0 context gives me access to the idToken that would have been generated - n
nilan
11/17/2016, 3:02 PMno, the
is automatically set by theauth0UserId
mutation depending on thecreateUser
that you provideidToken - m
monkeybonkey
11/17/2016, 4:26 PMis there a way that an admin account can insert into the user data directly with a different mutation? - n
nilan
11/17/2016, 4:39 PMno, there isn't. Can you speak a bit more about your use case for this possibility?