Access user permissions array in user token

Why on earth is it so difficult to access a user’s “permissions” from within a React application?

I have a single-page application, and my user has some roles and permissions attached to it.

I can create a custom rule to add the “roles” to a custom namespace, but accessing the actual permissions is seemingly impossible.

Role access:
const assignedRoles = (context.authorization || {}).roles || [];

I need the granularity of permissions in my React app; roles are too broad.

To be clear there seems to be some sort of solution here:

But it is not clear if the call to the Management API getUserPermissions stated in that solution counts towards our API request limit?

Calling the Management API each time a token is generated seems like a really expensive way to add permissions to a custom namespace that can be accessed within our SPA.

Hi @tkiddle,

Welcome to the Auth0 Community!

I understand you have questions about retrieving the user’s permissions from an ID Token when using Auth0’s React SDK.

Yes, this is the first step you will need to do, and it seems like you have already implemented a Rule to append the custom claims to the ID Token. In this case, the custom claims will include the user’s Roles and Permissions. Be careful when choosing your namespace identifier, and abide by the guidelines described here.

Next, you will want to use the useAuth0 hook from the Auth0 React SDK and call the getIdTokenClaims method.

This way, you avoid any expensive API calls or exceeding the Rate limit when using the Management API Get a User’s Permissions and Get a User’s Roles endpoints.

Please let me know if you need more clarification or have any questions. I’d be happy to help.

Thanks.

1 Like
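
The client-side step described in the answer above, as an added example that is not part of the original thread and is not Auth0's code: it reads a namespaced permissions claim from the object that `getIdTokenClaims` resolves to. The namespace `https://example.com/`, the claim name `permissions`, and the helper names are assumptions; use whatever your Rule actually writes into the ID Token.

```javascript
// Added example. NAMESPACE and the claim name "permissions" are assumptions.
const NAMESPACE = "https://example.com/"; // hypothetical namespace

// Pull a namespaced array claim out of decoded ID token claims.
// Anything that is not an array of strings is treated as "no entries".
function readArrayClaim(claims, name, namespace = NAMESPACE) {
  const value = claims ? claims[namespace + name] : undefined;
  if (!Array.isArray(value)) return [];
  return value.filter((v) => typeof v === "string");
}

// True only if every required permission is present.
// An empty "required" list returns false so a forgotten argument fails closed.
function hasPermissions(claims, required, namespace = NAMESPACE) {
  const granted = new Set(readArrayClaim(claims, "permissions", namespace));
  return required.length > 0 && required.every((p) => granted.has(p));
}

// getIdTokenClaims is the method returned by useAuth0(); it resolves to the
// decoded claims, or undefined when no user is logged in.
async function loadPermissions(getIdTokenClaims) {
  const claims = await getIdTokenClaims();
  return readArrayClaim(claims, "permissions");
}

// Wiring inside a component (needs @auth0/auth0-react, not loaded here):
//   const { getIdTokenClaims } = useAuth0();
//   useEffect(() => {
//     loadPermissions(getIdTokenClaims).then(setPermissions);
//   }, [getIdTokenClaims]);

// Constructed sample claims, shaped like a decoded ID token.
const sampleClaims = {
  sub: "auth0|constructed-user",
  "https://example.com/roles": ["editor"],
  "https://example.com/permissions": ["read:reports", "edit:reports"],
};
```

Claims read this way are suitable for deciding what the UI shows. The API behind the SPA still has to enforce permissions itself from the access token it receives, since anything held in the browser can be altered by the user.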