Adding user permission to the id-token

I’ve got a react application and a backend project which exposes some APIs.
I’ve assigned some roles to the users and some permissions to those roles. I have access to the permissions in my access token, so the backend project can authorize the user based on the permissions. But I need those permissions in the SPA too. For example the user should not be able to see the “edit post” button if he doesn’t have post:edit permission.
Of course I can parse the access token payload in the SPA and get the permissions from that, but this is not a good practice. Now I’ve two questions:

  1. Is there a way to add permissions to the id token? (e.g. Via actions or any other way)
  2. Is there a special reason that this is not the default behaviour of the system, because I think it is not a rare use-case.

Hi @stehranchi,

Welcome to the Auth0 Community!

There are quite a few posts in the forum about this:

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.