Access user permissions within rule code?

I am trying to write a rule that validates that the user has a particular permission, with the necessary permission derived from an aspect of the client metadata.

My problem is I can’t seem to find a way to get at the user permissions.
In context.authorization.roles I can see the roles that have been assigned to the user, but not the permissions derived from those roles.
I turned on “Add Permissions in the Access Token” just in case but that doesn’t seem to relate to this.

I’d expect there to be something similar to the output from the https://auth0.com/docs/api/management/v2#!/Users/get_permissions API response, with all the permissions the user has across any roles they have been assigned.

Any guidance you can give me on this would be really appreciated (even if it’s to say I’m approaching this in completely the wrong way).
Thanks.

3 Likes

Got the same problem. Did you figure out a way to do?

2 Likes

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

1 Like

:wave: Permissions aren’t available like the roles in the context object. However, you may access the user’s permissions by calling the management API within the rules.

Please note that in general calling management API within the rule isn’t recommended as it will consume your management API quota and management API has lower rate limits.

function (user, context, callback) {

      var ManagementClient = require('auth0@2.17.0').ManagementClient;
      var management = new ManagementClient({
        token: auth0.accessToken,
        domain: auth0.domain
      });

      var params = { id: user.user_id};

      management.getUserPermissions(params, function (err, permissions) {
        if (err) {
          // Handle error.
        }
        // permissions for the user is available here.
        callback(null, user, context);
      });
      
    }
1 Like

Thanks for sharing that solution here @Saltuk!