Auth0 Roles Action with Blazor Web Application (not API)

Hi there … I’m not sure what I’m doing wrong but here it goes …

I created my roles and granted my Users access for my Blazor Server app:

HOWEVER when I check the jwt, there are no roles:

"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": ,
"nickname":"username" etc.

However, when I run the following code after I’ve already logged in, I get the roles:

using System.Text.Json;
using System.Text.Json.Nodes;
using RestSharp;

// Take the Auth0 user id from the signed-in user's nameidentifier claim.
UserId = state.User.Claims
    .Where(c => c.Type.Contains("nameidentifier"))
    .Select(c => c.Value)
    .FirstOrDefault() ?? string.Empty;

GetRoles(UserId, GetBearerToken());

// Request a Management API access token with the client credentials grant.
private string GetBearerToken()
{
    var client = new RestClient("https://[Domain]/oauth/token");
    var request = new RestRequest();

    request.Method = Method.Post;
    request.AddHeader("content-type", "application/json");
    request.AddParameter("application/json", "{\"client_id\":\"[client_id]\",\"client_secret\":\"[client_secret]\",\"audience\":\"https://[domain]/api/v2/\",\"grant_type\":\"client_credentials\"}", ParameterType.RequestBody);

    var response = client.Execute(request);
    var content = response.Content ?? string.Empty;
    var bearerToken = JsonNode.Parse(content)?["access_token"];

    return bearerToken?.ToString() ?? string.Empty;
}

// Fetch the roles assigned to the user from the Management API.
private async void GetRoles(string userId, string token)
{
    if (userId.Trim().Length > 0 && token.Trim().Length > 0)
    {
        var client = new RestClient("https://[domain]/api/v2/users/" + userId + "/roles");

        var request = new RestRequest();
        request.Method = Method.Get;
        request.AddHeader("authorization", "Bearer " + token);

        var response = client.Execute(request);
        // Treat an empty response body as "no roles" instead of passing null to the deserializer.
        List<ApplicationRole>? roles = JsonSerializer.Deserialize<List<ApplicationRole>>(response.Content ?? "[]");

        if (roles != null)
        {
            foreach (ApplicationRole role in roles)
                Console.WriteLine(role.name);
        }

        //SetRoles();
    }
}

// Shape of one role object in the Management API response.
class ApplicationRole
{
    public string id { get; set; }
    public string name { get; set; }
    public string description { get; set; }
}

Hi @ssvpdeveloper

Welcome to the Auth0 Community!

Roles are not passed through the ID token after login.

In order to access this information, you will need to use a Post Login Action in order to set custom claims to the id or access token and access it in the user profile inside the application:

exports.onExecutePostLogin = async (event, api) => {

  const namespace = 'https://my-app.example.com';

  api.idToken.setCustomClaim(`${namespace}/user_roles`, event.authorization.roles);
};

or

exports.onExecutePostLogin = async (event, api) => {

  const namespace = 'roleClaims';

  api.idToken.setCustomClaim(namespace, event.authorization.roles);
};

You can read more about that in this blog.

If you have any other questions, feel free to leave a reply!

Kind Regards,
Nik

Sorry … I forgot to say that I created an Action and added it after login and added the following:

exports.onExecutePostLogin = async (event, api) => {
  const assignedRoles = (event.authorization || {}).roles;

  api.idToken.setCustomClaim('http://schemas.microsoft.com/ws/2008/06/identity/claims/role', assignedRoles);
}

Still no roles coming back :frowning:

Thank you for trying to help me out Nik!

Hi again.

Have you tried to decode the id token using jwt.io to see if the custom claim is present?

Otherwise, you can also create a new application in your dashboard and make an /authorize call to it to see if the user contains the custom claims. Also, just to double check, the user has assigned roles to it inside the dashboard, right?

Kind Regards,
Nik
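
A local version of the decode check suggested above, as an added example that is not part of the original thread: it decodes an ID token's payload without verifying the signature and reports whether each role claim name used in this thread is absent, empty or populated. The helper names and the sample token are constructed for illustration.

```javascript
// Claim names used by the Actions posted in this thread.
const ROLE_CLAIMS = [
  'http://schemas.microsoft.com/ws/2008/06/identity/claims/role',
  'https://my-app.example.com/user_roles',
  'roleClaims',
];

// Decode the payload segment of a JWT. No signature verification is done:
// this is for inspecting claims while debugging, not for trusting a token.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Report each candidate claim as 'absent', 'empty' or 'populated'.
function inspectRoleClaims(token, claimNames = ROLE_CLAIMS) {
  const payload = decodeJwtPayload(token);
  const report = {};
  for (const name of claimNames) {
    if (!Object.prototype.hasOwnProperty.call(payload, name)) {
      report[name] = { state: 'absent', roles: [] };
      continue;
    }
    // Accept a single string as well as an array of role names.
    const roles = [].concat(payload[name] ?? []).map(String);
    report[name] = { state: roles.length ? 'populated' : 'empty', roles };
  }
  return report;
}

// Constructed sample: builds a token-shaped string with a placeholder signature.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

const sample = makeSampleToken({
  sub: 'auth0|constructed-user',
  nickname: 'username',
  [ROLE_CLAIMS[0]]: [],          // claim present but no roles in it
  roleClaims: ['Admin'],         // claim present with one role
});
console.log(inspectRoleClaims(sample));
```

To check a real login, pass the application's `id_token` string to `inspectRoleClaims` in place of `sample`.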
