
Authorization Extension not working with Spring Security



I am trying to use the authorization extensions; however, I don’t see the roles getting passed to the JWT token. Here is the decoded token…


Also Claim rolesClaim = jwt.getClaim("https://access.control/roles"); comes back null.

So I don’t see the role at all. How do I find the role?


I tried debugging the rule and it seems to be getting added correctly…

function saveToMetadata(user, groups, roles, permissions, cb) {
     console.log("Roles are:"+roles);

10:26:05 AM: Roles are:Admin

So this part looks correct, so why can’t I see it in Spring Security?


@jakiegleason, there is a bug in the authorization extension now that will not add the roles to the JWT. You can add a rule to follow the authorization extension rule that does this:

function (user, context, callback) {
  // OIDC-Conformant pipeline will not return JWT tokens
  // with the non-namespaced "roles", "permissions" and/or "groups" custom claims
  // so let's add them manually

  // YOUR_NAMESPACE is a placeholder: substitute your own namespace URL
  context.idToken['https://YOUR_NAMESPACE/roles'] = user.roles;
  context.idToken['https://YOUR_NAMESPACE/permissions'] = user.permissions;
  context.idToken['https://YOUR_NAMESPACE/groups'] = user.groups;
  callback(null, user, context);
}

I have filed a bug with that extension to fix this problem.
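
A diagnostic sketch for the symptom in this thread (an added example, not code from any poster or from Auth0): it decodes a token payload and reports whether the roles claim is present under the exact name the application asks for. The sample tokens and the `https://example.com/` namespace are constructed, and `decodePayload` / `inspectRolesClaim` are hypothetical helper names.

```javascript
// Diagnostic only: the payload is decoded WITHOUT signature verification,
// so this inspects a token; it must not be used to authorize a request.
const STANDARD_CLAIMS = new Set(['iss', 'sub', 'aud', 'exp', 'iat', 'nbf', 'jti',
  'nonce', 'azp', 'auth_time', 'at_hash', 'c_hash', 'name', 'email']);

function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT: expected 3 segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function inspectRolesClaim(token, expectedClaim) {
  const payload = decodePayload(token);
  const custom = Object.keys(payload).filter((k) => !STANDARD_CLAIMS.has(k));
  const value = payload[expectedClaim];
  // A claim ending in "roles" under another name points to a namespace mismatch
  // between the rule and the claim name the application reads.
  const candidates = custom.filter((k) => k !== expectedClaim && /(^|\/)roles$/.test(k));
  let diagnosis = 'missing';
  if (Array.isArray(value)) diagnosis = 'present';
  else if (value !== undefined) diagnosis = 'present-but-not-array';
  else if (candidates.length > 0) diagnosis = 'name-mismatch';
  return { diagnosis, roles: Array.isArray(value) ? value : [], candidates, custom };
}

// --- constructed sample tokens (signature segment is a dummy string) ---
function sampleToken(extraClaims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const base = { iss: 'https://tenant.example/', sub: 'auth0|constructed', aud: 'app', exp: 4102444800 };
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(Object.assign(base, extraClaims)), 'sig'].join('.');
}

const EXPECTED = 'https://access.control/roles'; // claim name read in the question
const noRoles = sampleToken({});
const otherNamespace = sampleToken({ 'https://example.com/roles': ['Admin'] });
const matching = sampleToken({ [EXPECTED]: ['Admin'] });

console.log(inspectRolesClaim(noRoles, EXPECTED).diagnosis);        // missing
console.log(inspectRolesClaim(otherNamespace, EXPECTED).diagnosis); // name-mismatch
console.log(inspectRolesClaim(matching, EXPECTED).roles);           // [ 'Admin' ]
```

A `name-mismatch` result means the rule wrote the roles under a different claim name than the one passed to `getClaim`, which also yields null on the Java side.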


Thanks, yeah, this is basically what I did too. Now I am getting the permissions and seeing the Authority, but Spring is still messing up somewhere. Thanks for the help; if you get a chance, see if you can help here…