Add All User Permissions to AccessToken

b.neugebauer · July 27, 2024, 3:51pm

Our frontend application handles user logins and receives an AccessToken. We plan to use this AccessToken across multiple APIs in our ecosystem, and we want it to include the user’s permissions for each API they might access.

I created an API in the Auth0 Dashboard, enabled “Enable RBAC,” and activated “Add Permissions in the Access Token.” Based on the RBAC Settings descriptions, I assumed this would be sufficient to add permissions to the AccessToken upon user login. However, this did not reflect in the token. I can only see “roles” that I added to a namespace using an Auth0 Action but I cannot find permissions in the “session.user” object.

vigneshSivasamy · July 28, 2024, 12:52pm

Hello,

To receive permission in access token, you need to include the audience parameter in your Authorization request. If you are working with a single-page application, you should use Silent Authentication to obtain an access token. If you are using an SDK, it will automatically make a call to the token endpoint, and you can capture the token in the network calls to validate

Topic		Replies	Views
How can i add user permissions to Id token? Help management-api , roles	2	14	October 8, 2024
Auth0 scopes missing Help configuration , application	4	18	October 22, 2024
Access a user's permissions within a Post-Login Action without using the API Management library Knowledge Articles user , permission , post-login-action , managment-api	1	1273	September 2, 2023
How to get permissions for user? Help	15	20638	August 15, 2019
Auth0 .NET Core 3.1 JWT Authorization How JWT.io	9	4056	July 24, 2020

Add All User Permissions to AccessToken

Related Topics