I am using a Spring Boot (version 2.0.6) project in which I am configuring Auth0.
I have used the Auth0 SDK by importing the dependency below:
groupId - com.auth0
artifactId - auth0
version - 1.14.1
Basically, Spring Security authorization works by considering the roles of the user. Therefore, I have configured a rule in Auth0 which adds the custom claim ‘roles’ to the access token. Auth0 allowed me to add the custom claim only when I prepend the role with the namespace (the client application’s domain is used). However, Spring Security only considers the key “roles” without considering the prepended namespace, because of which the authorization fails.
The Spring Security code below fails with the error 403 (access denied):
@PreAuthorize("hasRole('ROLE_ADMIN')")
I tried using Auth0 rules to add the roles to the scopes in the access token, but still couldn’t succeed in the authorization.
How can I tackle this issue? Is there any possibility of adding the custom claim “roles” without the namespace prepended?
How can I make Spring Security’s @PreAuthorize work with an Auth0 access token?
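
One way to bridge the namespaced roles claim described above to the authorities that `hasRole` checks, as an added example that is not part of the original post or of Auth0's SDK. It assumes Spring Security's OAuth2 resource-server JWT support (version 5.2 or later, newer than the Spring Boot 2.0.6 setup in the post); the class name and the namespace URL are hypothetical placeholders.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

// Hypothetical class; maps a namespaced custom claim to Spring Security authorities.
public class NamespacedRolesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {

    // Placeholder: must match the namespace the Auth0 rule prepends to "roles".
    static final String ROLES_CLAIM = "https://app.example.com/roles";

    @Override
    public Collection<GrantedAuthority> convert(Jwt jwt) {
        // Null when the claim is absent or not a list: grant nothing (fail closed).
        List<String> roles = jwt.getClaimAsStringList(ROLES_CLAIM);
        if (roles == null) {
            return Collections.emptyList();
        }
        return roles.stream()
                .filter(r -> r != null && !r.trim().isEmpty())
                // hasRole('ROLE_ADMIN') matches the authority "ROLE_ADMIN": add the prefix once.
                .map(r -> r.startsWith("ROLE_") ? r : "ROLE_" + r)
                .<GrantedAuthority>map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
    }

    // Hand this to the resource server's jwt().jwtAuthenticationConverter(...) setting.
    static JwtAuthenticationConverter authenticationConverter() {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(new NamespacedRolesConverter());
        return converter;
    }

    public static void main(String[] args) {
        // Constructed claims for illustration; signature validation is the decoder's job.
        Jwt jwt = Jwt.withTokenValue("constructed-token")
                .header("alg", "RS256")
                .claim(ROLES_CLAIM, Arrays.asList("ADMIN", "ROLE_USER"))
                .build();
        System.out.println(new NamespacedRolesConverter().convert(jwt));
    }
}
```

The converter only sees tokens the configured JWT decoder has already validated, so the roles claim is trusted no further than that signature and issuer check.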