I saw the answer here about getting a users permissions: http://community.auth0.com/t/how-do-i-add-user-permissions-to-id-token/28611
The functions to get user permissions gets ALL of a users permissions. I want to get the permissions associated with the API (audience) sent in. If you enable RBAC for an API you can select to have the permissions added to the access token. This works well, the permissions returned there are ONLY the permissions associated with the API indicated by the audience. I would also like to add these permissions to the id token.
Thanks.
Hi @michael.glenney,
Welcome to the Auth0 Community Forum!
If you are wanting to add them in a custom claim (similar to how it is handled in the FAQ you linked), then you will need to cross reference the permissions from the user permissions endpoint with the permission available to the resource server (API).
It sounds like there may be some better configuration that could optimize the flow. I would recomend this blog post, specifically the section titled Role-Based Access Control Example in React Apps
. (I would like to it but there is no anchor.)
Hope this helps!
Thanks,
Dan