I am trying to get the permissions and roles associated with a specific user and for some reason Auth0 does not include those in the token. Could anyone help with what I may be doing wrong?
here is how I instantiate auth0; PS: I am using Auth0.js v9 Reference
const webAuth = new auth0.WebAuth({
domain: process.env.REACT_APP_AUTH0_DOMAIN || '',
clientID: process.env.REACT_APP_AUTH0_CLIENT_ID || '',
responseType: 'token id_token',
scope: 'openid profile email roles',
audience: 'ternwheel',
redirectUri: window.location.origin,
})
Here is how I call the auth with password and an email
webAuth.login(
{
realm: 'Username-Password-Authentication',
responseType: 'token id_token',
redirectUri: window.location.origin,
email,
password,
},
e => console.log(e)
)
finally auth0 sends me this token that does not include the permissions or roles
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik8wY0oyY05FRTJvQW43aTYtVG5nUiJ9.eyJpc3MiOiJodHRwczovL2Rldi15YjQ3MWR1c2JvdmsyMXV1LnVzLmF1dGgwLmNvbS8iLCJzdWIiOiJhdXRoMHw2NDJhOTViYWNmZjY2ZmRjZGM4OTczYzYiLCJhdWQiOlsidGVybndoZWVsIiwiaHR0cHM6Ly9kZXYteWI0NzFkdXNib3ZrMjF1dS51cy5hdXRoMC5jb20vdXNlcmluZm8iXSwiaWF0IjoxNjgwNjkyOTk2LCJleHAiOjE2ODA3MDAxOTYsImF6cCI6Im5xZWVZd1AyQ0ZUR1lyNnMzMnJkRlNKcG1QZ3ZOaEQ1Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInBlcm1pc3Npb25zIjpbInVzZXI6bWFuYWdlciJdfQ.2xcr90GoYynvoWWOL-ur2ELiWY9Fwjy_bZFnlFwAMjtl3LhE9nFYYwbR3709o1E4SzxzMxSz3pWJ92_PuaG3qssVD6To9PchzE8Xz8xO2p-8vGFKo6950aDmYHzF-V_n-bhzPvgeErhI1jPYNc0JZ7Ak1X-oVE-forQLVecfXPXcw9O82abKRJjA9WxsUS2doS5O6TA1msn-flplFCjunRwqdqy8D-A3L1H5E2y7beRXtli9EYMYeNJH_5cjb36VYZP8M_z-tPE3w1y_Z94jvlJS9mkkhU5M1_pBcoegiCcINrXvAuxmYSHzl04lzuMUZD5LBT7sdTI1M8zgvMDYxQ
I have also turned on RBAC for my api.