@pswartwout when you enable those settings in the extension, a rule should be generated once you click the Publish Rule button:
After that button has been pressed you should see a rule called auth0-authorization-extension in the rules view: https://manage.auth0.com/#/rules
The top three boxes should add this data to the JWT, but I think the rule generated is not adding it to the JWT. It seems to be adding it to the user profile only for the lifetime of the transaction here:
```javascript
// Update the user object (only the in-memory user for this transaction;
// nothing is written to the token).
user.groups = data.groups;
user.roles = data.roles;
user.permissions = data.permissions;
return callback(null, user, context);
```
I will file a bug for this with the crew, but you can fix this by adding a new rule or augmenting this rule by doing:
```javascript
// Update the access_token; alternatively you could update the id_token by doing
// context.idToken[]...
// Custom claims must be namespaced with a URL you control, or Auth0 drops them.
const namespace = 'https://yourdomain.com/claims/';
context.accessToken[namespace + 'groups'] = data.groups;
context.accessToken[namespace + 'roles'] = data.roles;
context.accessToken[namespace + 'permissions'] = data.permissions;
return callback(null, user, context);
```
As far as persisting the data to the user profile, there are three additional toggles at the bottom of the Authorization API’s configuration section. These are for persisting the data to the profile. If any one of those is selected the rule will output this:
```javascript
saveToMetadata(user, data.groups, data.roles, data.permissions, function(err) {
  return callback(err, user, context);
});
// ...
// Store authorization data in the user profile so we can query it later.
function saveToMetadata(user, groups, roles, permissions, cb) {
  user.app_metadata = user.app_metadata || {};
  user.app_metadata.authorization = {
    groups: groups,
    roles: roles,
    permissions: permissions
  };
  auth0.users.updateAppMetadata(user.user_id, user.app_metadata)
    .then(function() {
      cb();
    })
    .catch(function(err) {
      cb(err);
    });
}
```
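Added example, not the extension's generated rule nor code from the comment above: a rule-shaped function that copies the extension's `data` into namespaced access_token claims (guarding against missing values), and the matching check a resource server would run on the decoded payload. The namespace `https://yourdomain.com/claims/` is a placeholder, `addAuthorizationClaims`, `hasPermission` and `demo` are names chosen here, and all inputs are constructed.

```javascript
'use strict';

// Assumed claim namespace (placeholder): Auth0 only keeps custom claims whose
// names are namespaced URLs, so use a URL you control.
const NAMESPACE = 'https://yourdomain.com/claims/';

// Copies groups/roles/permissions from the extension's `data` object into
// namespaced access_token claims, using the same (user, context, callback)
// contract as an Auth0 rule. Missing or non-array values become empty arrays
// so the API never sees an `undefined` claim.
function addAuthorizationClaims(data, user, context, callback) {
  const asArray = (v) => (Array.isArray(v) ? v.slice() : []);
  context.accessToken = context.accessToken || {};
  for (const key of ['groups', 'roles', 'permissions']) {
    context.accessToken[NAMESPACE + key] = asArray(data && data[key]);
  }
  return callback(null, user, context);
}

// Resource-server side: given an already signature-verified, decoded JWT
// payload, check that the caller holds one specific permission. The claim is
// read under its full namespaced name; a missing claim denies.
function hasPermission(payload, required) {
  const perms = payload[NAMESPACE + 'permissions'];
  return Array.isArray(perms) && perms.includes(required);
}

// Runs the rule against constructed inputs and returns the claims it produced.
function demo() {
  const user = { user_id: 'auth0|example', email: 'alice@example.com' }; // constructed
  const context = { accessToken: {}, idToken: {} };                     // constructed
  const data = {                                                         // constructed
    groups: ['engineering'],
    roles: ['admin'],
    permissions: ['read:reports', 'write:reports'],
  };
  let produced = null;
  addAuthorizationClaims(data, user, context, (err, u, ctx) => {
    if (err) throw err;
    produced = ctx.accessToken;
  });
  return produced;
}
```

Keeping the permission check keyed on the namespaced name is the part that is easy to get wrong on the API side: a handler that looks for a bare `permissions` claim will always deny, because the rule only ever writes the namespaced form.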