I’ve been exploring creating a custom login experience for my users. This led me down utilizing my backend for authentication operations via the Java Auth0 Client based on the Authentication API. This worked great for retrieving the id/access tokens with standard claims.
However, my application uses organizations. My API is configured with RBAC enabled and with the Add Permission in the Access Token toggled on. The tokens are fine and include the relevant claims when using the SPA and React SDKs. However, I can’t figure out how to log in via my Spring Boot backend and have Auth0 give me back a token with those organization related claims.
Here is my code:
```java
import java.util.HashMap;
import java.util.Map;
import com.auth0.client.auth.AuthAPI;
import com.auth0.exception.Auth0Exception;
import com.auth0.json.auth.TokenHolder;
import com.auth0.net.Request;
import com.auth0.net.Response;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {
    private final AuthAPI authAPI;   // com.auth0:auth0:2.14.0 client built with domain, client id and secret
    private final String audience;   // identifier of the RBAC-enabled API

    public LoginController(AuthAPI authAPI, String audience) {
        this.authAPI = authAPI;
        this.audience = audience;
    }

    @PostMapping("/login")
    public ResponseEntity<?> login(@RequestBody LoginRequest request) {
        try {
            char[] passwordChars = request.getPassword().toCharArray();
            // Resource Owner Password grant against the "some-db" connection,
            // with the organization passed as extra /oauth/token parameters
            Request<TokenHolder> authRequest = authAPI.login(request.getUsername(), passwordChars)
                    .setScope("openid profile email offline_access")
                    .setAudience(audience)
                    .setRealm("some-db")
                    .addParameter("org_id", "org_SOME_ORG_ID")
                    .addParameter("organization", "some-org-name");
            Response<TokenHolder> response = authRequest.execute();
            TokenHolder holder = response.getBody();
            return ResponseEntity.ok(new AuthResponse(
                    holder.getAccessToken(),
                    holder.getRefreshToken(),
                    holder.getIdToken(),
                    holder.getExpiresIn()));
        } catch (Auth0Exception e) {
            Map<String, String> error = new HashMap<>();
            error.put("error", e.getMessage());
            return ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(error);
        }
    }
}
```
This gives no errors and gives back the tokens without the organization related claims. What am I doing wrong here? Is this possible?
I am on the Essentials Tier. The Java Auth0 Client dep is 'com.auth0:auth0:2.14.0'
Thanks in advance!
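A check worth running right after the login call, as an added example that is not part of the original post or of the Auth0 SDK: it decodes the access token the backend just received and reports whether the organization claims (org_id, org_name) and the RBAC permissions claim are present, so it is visible at the point the token is minted whether the organization parameters had any effect, rather than being inferred later from a downstream 401. It assumes the java-jwt library (com.auth0:java-jwt) on the classpath; the claim names, the placeholder issuer and audience, and the sample token (signed with a throwaway HS256 secret purely so the class runs offline) are all assumptions made for this example.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;

/**
 * Reports which organization and RBAC claims an Auth0 access token carries.
 * Added example for this thread, not code from the original post or from the
 * Auth0 SDK. Assumes com.auth0:java-jwt on the classpath and the claim names
 * org_id, org_name and permissions.
 */
public final class OrgClaimCheck {

    /** Result of inspecting one access token. */
    public record Report(String issuer, boolean audienceMatches, String orgId,
                         String orgName, List<String> permissions) {
        public boolean hasOrganizationContext() {
            return orgId != null && !orgId.isBlank();
        }
    }

    public static Report inspect(String accessToken, String expectedAudience) {
        // JWT.decode() parses the token without verifying its signature. That is
        // sufficient for diagnosing what the token endpoint returned, because this
        // token came straight from Auth0 over TLS; any API that accepts the token
        // still verifies signature, issuer, audience and expiry itself.
        DecodedJWT jwt = JWT.decode(accessToken);
        List<String> audience = jwt.getAudience();
        List<String> permissions = jwt.getClaim("permissions").asList(String.class);
        return new Report(
                jwt.getIssuer(),
                audience != null && audience.contains(expectedAudience),
                jwt.getClaim("org_id").asString(),   // null when the claim is absent
                jwt.getClaim("org_name").asString(),
                permissions == null ? List.of() : permissions);
    }

    /** Builds a constructed sample token (HS256, throwaway secret) for offline runs. */
    static String sampleToken(boolean withOrganization) {
        var builder = JWT.create()
                .withIssuer("https://TENANT.auth0.com/")     // placeholder tenant
                .withAudience("https://api.example.test")     // placeholder API identifier
                .withSubject("auth0|sample-user")
                .withClaim("permissions", List.of("read:reports"));
        if (withOrganization) {
            builder.withClaim("org_id", "org_SAMPLE_ID").withClaim("org_name", "sample-org");
        }
        return builder.sign(Algorithm.HMAC256("constructed-test-secret-not-for-real-use"));
    }

    public static void main(String[] args) {
        Map<String, Report> results = new LinkedHashMap<>();
        results.put("with organization", inspect(sampleToken(true), "https://api.example.test"));
        results.put("without organization", inspect(sampleToken(false), "https://api.example.test"));
        results.forEach((label, r) -> System.out.printf(
                "%s: org_id=%s org_name=%s permissions=%s audienceMatches=%s -> orgContext=%s%n",
                label, r.orgId(), r.orgName(), r.permissions(), r.audienceMatches(),
                r.hasOrganizationContext()));
    }
}
```

In the controller, call OrgClaimCheck.inspect(holder.getAccessToken(), audience) before returning the tokens and log or reject when hasOrganizationContext() is false; that keeps the expectation explicit where the token is issued instead of discovering the missing claims when the API rejects the request.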