Auth0 Home Blog Docs

Authorization Extension does not populate user object




I enabled and configured the authorization extension. Created a role with permission and attached it to a user.
When I ran the example nodejs app it doesn’t receive the authorization related data.

I read this topic and extended the rule but without luck:

  getPolicy(user, context, function(err, res, data) {
    if (err) {
      console.log('Error from Authorization Extension:', err);
      return callback(new UnauthorizedError('Authorization Extension: ' + err.message));

    if (res.statusCode !== 200) {
      console.log('Error from Authorization Extension:', res.body || res.statusCode);
      return callback(
        new UnauthorizedError('Authorization Extension: ' + ((res.body && (res.body.message || res.body) || res.statusCode)))

    // Update the user object.
    user.groups = data.groups;
    user.roles = data.roles;
    user.permissions = data.permissions;
    context.idToken['id/authorization/roles'] = user.roles;
    context.idToken['id/authorization/permissions'] = user.permissions;
    context.idToken['id/authorization/groups'] = user.groups;
    console.log("context idToken:");
    context.accessToken['acess/authorization/roles'] = user.roles;
    context.accessToken['access/authorization/permissions'] = user.permissions;
    context.accessToken['access/authorization/groups'] = user.groups;
    console.log("context accessToken:");
    return callback(null, user, context);


http path must be used as a namespace