Authorization Extension not working with Spring Security

General
,
#1

I am trying to use the authorization extensions, however, I don’t see the roles getting passed to the JWT token. Here is the decoded token…

Header
{"typ":"JWT","alg":"RS256","kid":"<Removed>"}
Body
{"iss":<Removed>,"sub":<Removed>,"aud":<removed>,"iat":<removed>,"exp":<removed>}

Also Claim rolesClaim = jwt.getClaim("https://access.control/roles"); comes back null.

So I don’t see the role at all. How do I find the role?

How to get all user Claims with tokenOptions
#2

I tried debugging the rule and it seems to be getting added correctly…

function saveToMetadata(user, groups, roles, permissions, cb) {
     console.log("Roles are:"+roles);

10:26:05 AM: Roles are:Admin

So this part looks correct so why can’t I see it in Spring security?

#4

@jakiegleason, there is a bug in the authorization extension now that will not add the roles to the JWT. You can add a rule to follow the authorization extension rule that does this:

function (user, context, callback) {
  // OIDC-Conformant pipeline will not return JWT tokens
  // with the non-namespaced "roles", "permissions" and/or "groups" custom claims
  // so let's add them manually

  context.idToken['https://mycustomdomain.com/claims/authorization/roles'] = user.roles;
  context.idToken['https://mycustomdomain.com/claims/authorization/permissions'] = user.permissions;
  context.idToken['https://mycustomdomain.com/claims/authorization/groups'] = user.groups;
  callback(null, user, context);
}

I have filed a bug with that extension to fix this problem.

1 Like
#5

Thanks yeah this is basically what I did too. Now I am getting the permissions and seeing the Authority but Spring is still messing up somewhere. Thanks for the help if you get a chance see if you can help here… https://stackoverflow.com/questions/50586078/auth0-with-authorization-extension-not-passing-roles-to-spring-security-jwt-obje

#6

Hey there!

Sorry for such a delayed response! We’re doing our best in providing you with the best developer support experience out there but sometimes our bandwidth is just not enough for all the questions coming in. Sorry for the inconvenience!

Can you let us know if you still require further assistance from us?

#7