Alright thanks @mathiasconradt I’m finally cooking with butter over here…
I’m pasting my rule that augments the idToken with user permissions here for others:
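/**
 * Auth0 rule: adds the user's permission names to the ID token under a
 * namespaced custom claim (`configuration.NAMESPACE + 'user_authorization'`).
 *
 * Security notes:
 * - ID token claims are readable by the client application. Treat this claim
 *   as a UI hint only; the resource server should enforce authorization
 *   itself rather than trusting values the client presents back to it.
 * - If the permission lookup fails, the rule fails the login (fail closed)
 *   instead of issuing a token without the claim.
 *
 * @param {object} user - Profile of the user who is logging in.
 * @param {object} context - Rule context; `context.idToken` is extended.
 * @param {function} callback - Rule continuation, invoked exactly once.
 */
function (user, context, callback) {
  var ManagementClient = require('auth0@2.17.0').ManagementClient;
  var management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });

  // Only the first page is requested, so at most 50 permissions reach the
  // token. NOTE(review): a user with more than 50 permissions would get an
  // incomplete claim; page through the results if that can happen.
  var params = { id: user.user_id, page: 0, per_page: 50, include_totals: true };

  management.getUserPermissions(params, function (err, result) {
    if (err) {
      console.log('err: ', err);
      // Return here: the original fell through and invoked the callback a
      // second time with a success result after reporting the error.
      return callback(err);
    }

    // Tolerate a response without a permissions array instead of throwing.
    var granted = (result && result.permissions) || [];
    var permissionNames = granted.map(function (permission) {
      return permission.permission_name;
    });

    context.idToken[configuration.NAMESPACE + 'user_authorization'] = {
      permissions: permissionNames
    };

    return callback(null, user, context);
  });
}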
Note that I am using a global configuration setting (found on the Rules home page) to set the configuration.NAMESPACE value.
My next step will be reading these permissions on the client side…stay tuned.
You can use the getIdTokenClaims method of the auth0Client to get at the permissions added in the rule.