I am trying to use the authorization extensions, however, I don’t see the roles getting passed to the JWT token. Here is the decoded token…
Header
{"typ":"JWT","alg":"RS256","kid":"<Removed>"}
Body
{"iss":<Removed>,"sub":<Removed>,"aud":<removed>,"iat":<removed>,"exp":<removed>}
Also Claim rolesClaim = jwt.getClaim("https://access.control/roles"); comes back null.
So I don’t see the role at all. How do I find the role?
I tried debugging the rule and it seems to be getting added correctly…
function saveToMetadata(user, groups, roles, permissions, cb) {
console.log("Roles are:"+roles);
10:26:05 AM: Roles are:Admin
So this part looks correct so why can’t I see it in Spring security?
@jakiegleason, there is a bug in the authorization extension now that will not add the roles to the JWT. You can add a rule to follow the authorization extension rule that does this:
function (user, context, callback) {
// OIDC-Conformant pipeline will not return JWT tokens
// with the non-namespaced "roles", "permissions" and/or "groups" custom claims
// so let's add them manually
context.idToken['https://mycustomdomain.com/claims/authorization/roles'] = user.roles;
context.idToken['https://mycustomdomain.com/claims/authorization/permissions'] = user.permissions;
context.idToken['https://mycustomdomain.com/claims/authorization/groups'] = user.groups;
callback(null, user, context);
}
I have filed a bug with that extension to fix this problem.
Thanks yeah this is basically what I did too. Now I am getting the permissions and seeing the Authority but Spring is still messing up somewhere. Thanks for the help if you get a chance see if you can help here… https://stackoverflow.com/questions/50586078/auth0-with-authorization-extension-not-passing-roles-to-spring-security-jwt-obje