
auth0-authorization-extension rule only provides groups, not roles or permissions



Hi, I’ve started using the authorization extension recently. I’ve added a test group, role and permissions, and assigned the role to my user, both via the group and directly.

I have also enabled the rule to publish the auth data to the token. The problem is, every time I log in, I only see the groups data in the outgoing token.

I added a console.log in the auth0-authorization-extension rule:

    getPolicy(user, context, function(err, res, data) {
        // ... error handling code removed ...
        // Update the user object.
        user.groups = data.groups;
        user.roles = data.roles;
        user.permissions = data.permissions;

And observe the following data in the Real-time Webtask Logs:

  "roles": [],
  "permissions": [],

Any ideas what’s going wrong?


This is a native client type


Ok, it seems roles and permissions are linked to specific clients, so when I was using the TRY ALL RULES WITH... button on the Rules page on the console, it wasn’t using the same client that I use from my application.

In my opinion this should be made much clearer in the authorization extension documentation, as it seems to have bitten a few people already.

Also, it’s quite unclear how you would create rules for a specific client if you have multiple clients… presumably importing and exporting the json document?
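An added example, not part of the thread and not Auth0's code: a simplified model of client-scoped policy resolution, showing why the same user gets groups but empty roles and permissions when the login runs through a different client. The data shape, the `applicationId` field name, the client IDs and both function names are assumptions made for illustration.

```javascript
// Constructed sample data: one permission and one role, both tied to a single
// client, plus a group that is not tied to any client.
const store = {
  permissions: [
    { id: "p1", name: "read:reports", applicationId: "NATIVE_APP_CLIENT_ID" },
  ],
  roles: [
    { id: "r1", name: "Report Viewer", applicationId: "NATIVE_APP_CLIENT_ID",
      permissions: ["p1"], users: ["auth0|user1"] },
  ],
  groups: [
    { id: "g1", name: "Test Group", members: ["auth0|user1"], roles: ["r1"] },
  ],
};

// Hypothetical resolver: what a rule would receive for one user and one client.
function resolvePolicy(data, userId, clientId) {
  const groups = data.groups.filter((g) => g.members.includes(userId));
  const groupRoleIds = new Set(groups.flatMap((g) => g.roles));
  // A role counts only if it belongs to the client handling this login,
  // whether it was assigned directly or inherited through a group.
  const roles = data.roles.filter(
    (r) => r.applicationId === clientId &&
           (r.users.includes(userId) || groupRoleIds.has(r.id))
  );
  const permIds = new Set(roles.flatMap((r) => r.permissions));
  const permissions = data.permissions.filter(
    (p) => p.applicationId === clientId && permIds.has(p.id)
  );
  return {
    groups: groups.map((g) => g.name),
    roles: roles.map((r) => r.name),
    permissions: permissions.map((p) => p.name),
  };
}

// Hypothetical check: flags the "groups present, roles and permissions empty"
// shape seen in the logs above, which points at a client mismatch.
function looksLikeClientMismatch(policy) {
  return policy.groups.length > 0 && policy.roles.length === 0 &&
         policy.permissions.length === 0;
}

const viaApp = resolvePolicy(store, "auth0|user1", "NATIVE_APP_CLIENT_ID");
const viaOtherClient = resolvePolicy(store, "auth0|user1", "OTHER_CLIENT_ID");
console.log(viaApp, looksLikeClientMismatch(viaApp));
console.log(viaOtherClient, looksLikeClientMismatch(viaOtherClient));
```

Logging the client ID alongside the resolved policy in the rule makes this mismatch visible on the first test run.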