Add All User Permissions to AccessToken

b.neugebauer · July 27, 2024, 3:51pm

Our frontend application handles user logins and receives an AccessToken. We plan to use this AccessToken across multiple APIs in our ecosystem, and we want it to include the user’s permissions for each API they might access.

I created an API in the Auth0 Dashboard, enabled “Enable RBAC,” and activated “Add Permissions in the Access Token.” Based on the RBAC Settings descriptions, I assumed this would be sufficient to add permissions to the AccessToken upon user login. However, this did not reflect in the token. I can only see “roles” that I added to a namespace using an Auth0 Action but I cannot find permissions in the “session.user” object.

vigneshSivasamy · July 28, 2024, 12:52pm

Hello,

To receive permission in access token, you need to include the audience parameter in your Authorization request. If you are working with a single-page application, you should use Silent Authentication to obtain an access token. If you are using an SDK, it will automatically make a call to the token endpoint, and you can capture the token in the network calls to validate

Topic		Replies	Views
How to add permissions to the access token (Actions) [Edit] Help auth0 , management-api , login	3	3011	January 8, 2024
Add All User Permissions to AccessToken in onExecutePostLogin Action Help extensibility , actions-extensibility	2	1511	July 20, 2023
How to add user permissions to id token? Help jwt	6	12158	April 20, 2020
How to Add Permissions from Roles to Access Token Help user-profile , user-management	6	2830	January 13, 2023
Access Token does not contain Help jwt , auth0	2	1950	August 12, 2022

Add All User Permissions to AccessToken

Related topics