Feature: Make user’s permissions accessible via Post-Login Action if RBAC is enabled.
Description: It would be very helpful if it were possible to access the authenticating user’s Permissions during a Post-Login Action without having to make an additional API call. The permissions are returned in the Token if RBAC is enabled so they are definitely being accessed. Exposing permissions in a property such as event.authorization.permissions would be a great feature that could eliminate some API calls.
Use-case: My client’s software library is configured to use .NET Core’s Authorize attribute and looks at the authenticated user’s Roles to determine if they can access endpoints in the API. I am in the process of implementing Auth0 authentication, a new Authorization handler and updating code in their library. For backward compatibility after I have implemented the Auth0 authentication in the non-updated applications, I am required to add an additional Role claim to the Access token. If I were able to access the Permissions in the Post-Login action, I could simply duplicate those into the roles. However since that isn’t available, I have to make separate calls to retrieve an access token and retrieve Permissions for the authenticating user. I am using the Authorization Code flow so when a user log in, I have API calls retrieving Permissions and then another API call to redeem the Auth code for the user’s token.