Hi community,
I’m facing an issue and I would like to know how to get the role data from user. The authentication is working well, the problem is that when I get the data from the user, I don’t have any property with the roles.
What I already did:
1 - Activate both options.
2 - Library used: @auth0/auth0-angular
3 - I expect to see both properties below. But the properties are not there like the printscreen.
The observable that returns the user data is user$
Expected result:
Current result:
Is there anything else to do? Am I missing any configuration?
Cheers,
Guilherme Marques.
tyf
July 29, 2022, 12:02am
Hello @it-phoenix welcome back!
It looks like the data you’ve shared is tied to an ID token whereas the RBAC/Permissions settings apply to Access tokens. You’ll want to take a look at the following FAQ which outlines how to add roles/permissions to an ID token:
Problem statement
Is it possible to retrieve the user’s Roles and/or Permissions and include them in the JWT Token?
Solution
Yes, it’s possible to retrieve the user’s Roles and/or Permissions and append them to either the ID Token or Access Token. To do so, you must use a Post-Login Action script.
1.1 Roles
When adding the user’s Roles to the token, call the event.authorization.roles property and add it as a custom claim to the Token. Please see here on creating namespaced custom claims. Be…
Let us know if you have any questions!
2 Likes
Hi tyf,
Thanks for the help.
We could fix the issue by creating a new rule.
Auth Pipeline - Rules - We added the following rule.
function (user, context, callback) {
  // Namespace prefix for the custom claim.
  const namespace = 'http://schemas.microsoft.com/ws/2008/06/identity/claims';
  // Roles assigned to the user; undefined if context.authorization is absent.
  const assignedRoles = (context.authorization || {}).roles;

  // Management API client; created here but not used by the rest of the rule.
  const ManagementClient = require('auth0@2.17.0').ManagementClient;
  const management = new ManagementClient({ token: auth0.accessToken, domain: auth0.domain });
  // const params = { id: user.user_id, page: 0, per_page: 50, include_totals: true };

  // Add the roles as a namespaced claim to both the ID token and the access token.
  let idTokenClaims = context.idToken || {};
  let accessTokenClaims = context.accessToken || {};
  idTokenClaims[`${namespace}/role`] = assignedRoles;
  accessTokenClaims[`${namespace}/role`] = assignedRoles;
  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  callback(null, user, context);
}
Cheers,
Guilherme Marques.
2 Likes
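Added example, not part of the thread and not Auth0's own code: the Post-Login Action form that the quoted FAQ describes, setting the same namespaced claim as the rule above, together with a helper that reads the claim from the object `user$` emits. `applyRoleClaims`, `rolesFromUser`, `fakeApi` and `demo` are hypothetical names, the roles are constructed sample values, and writing an empty list when no roles are present is a choice made here (the rule above would write `undefined`).

```javascript
// Namespace copied from the rule posted in the thread.
const NAMESPACE = 'http://schemas.microsoft.com/ws/2008/06/identity/claims';
const ROLE_CLAIM = `${NAMESPACE}/role`;

// Core logic, kept synchronous so it can be exercised offline.
// event.authorization is optional, so fall back to an empty list
// instead of emitting an undefined claim.
function applyRoleClaims(event, api) {
  const roles = (event.authorization && event.authorization.roles) || [];
  api.idToken.setCustomClaim(ROLE_CLAIM, roles);      // what user$ will expose
  api.accessToken.setCustomClaim(ROLE_CLAIM, roles);  // what the API should check
  return roles;
}

// Entry point Auth0 invokes after a successful login.
const onExecutePostLogin = async (event, api) => {
  applyRoleClaims(event, api);
};
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Client side: normalise the claim found on the profile object that
// user$ emits. Handles "not logged in", a missing claim, a single
// string, and drops anything that is not a string.
function rolesFromUser(user) {
  const raw = user ? user[ROLE_CLAIM] : undefined;
  if (raw === undefined || raw === null) return [];
  return (Array.isArray(raw) ? raw : [raw]).filter((r) => typeof r === 'string');
}

// Constructed stand-in for the Actions `api` object; it only records
// the claims that would be written to each token.
function fakeApi() {
  const claims = { idToken: {}, accessToken: {} };
  const recorder = (bag) => ({ setCustomClaim: (name, value) => { bag[name] = value; } });
  return { claims, idToken: recorder(claims.idToken), accessToken: recorder(claims.accessToken) };
}

// Round trip with constructed roles: Action writes, client reads.
function demo() {
  const api = fakeApi();
  applyRoleClaims({ authorization: { roles: ['admin', 'editor'] } }, api);
  return rolesFromUser(api.claims.idToken);
}
```

Roles read from the ID token in the browser are suitable for showing or hiding UI only. The backend API still has to validate the access token and check the role claim there before authorizing a request.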
tyf
July 29, 2022, 2:33pm
No problem, happy to help! Good to know you were able to get this sorted with the new rule, and thanks for following up with the community.
tyf
Closed
August 13, 2022, 2:33pm
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.