Accessing the permissions array in the access token

Unfortunately this is a bit confusing, I admit (already mentioned it to our documentation team):

The Rules engine in Auth0 isn’t using the latest node-sdk as referenced in the API docs on Github by default.
In order to enforce the latest version, you need to require it manually like below. Then the docs as on https://auth0.github.io/node-auth0/module-management.ManagementClient.html#getUserPermissions apply.

function (user, context, callback) {

  var ManagementClient = require('auth0@2.17.0').ManagementClient;
  var management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });

  // example params taken from docs page, adjust as needed
  var params = { id: user.user_id, page: 0, per_page: 50, sort: 'date:-1', include_totals: true };

  management.getUserPermissions(params, function (err, logs) {
    if (err) {
      // Handle error.
    }
    console.log(logs);
  });
}

Update/edit: one thing to note is that this rule would call the management API on every authentication request (this might lead to rate-limit issues). A way to optimize it would be to pre-calculate a user’s permissions and store it in the user’s app_metadata. The updating could be triggered by the Auth0 Authentication API Webhooks, listening to the respective events.

3 Likes