Feature: Attach Permissions to ID Token without request to Management API
Description:
https://www.google.com/search?q=auth0+add+permissions+to+idtoken
There are many community posts asking this functionality going back years. Answers are mixed, with most referencing a 2019 community solution which is rather convoluted, adds extra requests (which will adversely affect rate limits) and I’m honestly struggling to implement in the new Actions area.
Some suggest enabling permissions in the accessToken, sending to an endpoint for parsing and returning the permissions. But this is again a convoluted solution, with an extra round trip and is a discouraged use of accessTokens.
Use-case:
We are building a SPA which requires routes and UI to be gated depending on the users permissions. Accessing those permission in the IDToken would be the safes way.
Potential Solution:
Adding as a “Actions Templates” would be great.
Providing a functioning documentation example would be good.
Any help with this would be much appreciated