One way to add authorization permissions is through the authorizationParams object, but one issue is that we don't know the role of the user before login. So how can we generate access tokens based on role?
In short, what I want is an access token based on the role of the user, so I can call a role-enabled custom API.
I have an Express-based web app where, as soon as a user with a guest role pays for our service, we want to assign him a premium-user role. For that, I am using this link.
What I want is for this user to have the latest access token based on the latest permission, so I can use the new access token (req.oidc.accessToken.access_token) for the RBAC-based API.
I also want to change the payload of the id-token and the new access token, because at the time of login I am using a post-login action to add roles into the payload of the id-token and access-token.
Tech stack: Express with express-openid-connect (traditional web app).
Code for my post-action login and auth config:
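```javascript
// Auth0 post-login Action: copy the user's roles into namespaced custom claims.
exports.onExecutePostLogin = async (event, api) => {
  const namespace = 'https://chats.com';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};
```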
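One way to pick up the new role without a fresh login, as an added example that is not part of the original post: refresh the session's access token once the role is assigned, then confirm the refreshed token carries the claim set by the Action above. It assumes the app requests `offline_access` and an API audience, and that the post-login Action also runs on the refresh-token exchange; `rolesFromAccessToken`, `refreshForRole` and `makeSampleToken` are hypothetical helper names.

```javascript
// Added example, not from the original post. Helper names are hypothetical.
// Assumes express-openid-connect is configured with response_type 'code', an API
// audience, and a scope that includes 'offline_access' so a refresh token exists.
const ROLES_CLAIM = 'https://chats.com/roles'; // namespace used in the post's Action

// Read the roles claim from a JWT access token. No signature check here:
// this is only a local sanity check; the API receiving the token must verify it.
function rolesFromAccessToken(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return [];
  try {
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    return Array.isArray(payload[ROLES_CLAIM]) ? payload[ROLES_CLAIM] : [];
  } catch (err) {
    return []; // not a decodable JWT payload
  }
}

// Call after the role has been assigned (for example in the payment handler).
// req.oidc.accessToken.refresh() exchanges the refresh token and stores the
// new token set in the session.
async function refreshForRole(req, expectedRole) {
  const current = req.oidc && req.oidc.accessToken;
  if (!current || typeof current.refresh !== 'function') {
    throw new Error('no refreshable access token in session');
  }
  const { access_token } = await current.refresh();
  if (!rolesFromAccessToken(access_token).includes(expectedRole)) {
    throw new Error(`refreshed token does not carry role ${expectedRole}`);
  }
  return access_token;
}

// Constructed, unsigned sample token used to exercise the helpers offline.
function makeSampleToken(roles) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ [ROLES_CLAIM]: roles })}.constructed`;
}
```

If the refreshed token still lacks the role, fall back to sending the user through login again rather than trusting the session's old token.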