Hey there @davidplane , thanks for posting!
Let’s discover what’s missing.
Alright, so the user you are testing the authorization has some role assigned👍🏼
We would also want to discover what properties are available under the session object (if the added claim can be reachable there) and if this can be printed out to the user this way.
Before we dig into that - could you please:
- make sure the Action is deployed and added to the Flow?
- the API that the user tries to authorize to have the RBAC feature enabled? This can be done via Auth0 dashboard → Applications → API → your API → Settings → toggle the switch of RBAC.
Could also try to verify if the claim is added to the token by decoding it via jwt.io - tokens should be available via the browser developer tool under the https://auth0_domain/oauth/token (response).
Looking forward to your reply!