Please find the below issue i am facing and provide the support for the same.
1.i created a spa and api. For api , i added permissions and 2 roles(with added permissions). assigned those roles to a particular user in dashboard. when user logs in, i get access token but the access token does not contain any payload information(paylaod is empty).
i am expecting the login user role(has permissions) permissions should appear in payload field claims/custom claims/permissions.
also which filed in payload provides the roles assigned to login user.
i am using universal login in angular spa app. when login happens it is calling the url:https://vannaauth0-dev.us.auth0.com/oauth/token with post with form data:
client_id: NJFOoL71k2BrzdbNanIl4Iulr1vKtuGJ
code_verifier: c_tYiYPdVxByxhT-QUNwDvGtnLkE0Qns5uBWfbhrr4C
grant_type: authorization_code
code: oVjmsy8PIdourziPwF3dqlw688fU29z_DS0q1HZZugrCP
redirect_uri: http://localhost:4200
Thanks for sharing! Do you define the scopes for your API (that you have set in your Auth0 dashboard) in you app as well?
SPA Angular 2 Implementation (SPAs + API) - this step shows where to set scopes. By default, the scopes added to the access token are the one you can see in the response you’ve shared. You would also need to add the identifier of your won API there as well.
Just to be more specific on my last replay - if you tried to decode the access token via jwt.io and got an empty payload, it may be that you receive an opaque token instead of jwt token. Here you can find explanation for it - Why is my access token not a JWT? (Opaque Token)
So I was actually referring to the “audience” parameter that needs to be set to receive a jwt token. With angular sdk, it would go there:
