Hi, I use an OpenID Connect enterprise connection to federate users. The returned ID token contains a custom claim that represents the roles of the given user. I want to dynamically map the content of this ID token claim to an Auth0 role in order to get the correct content of the permissions claim in the returned access token from Auth0. Is this possible?
Hi @tyf and thanks for the reply! I have managed to set roles with the Management API that you suggested. But I am not sure if this solution will scale? I must execute 2 Management API calls for every authentication, one to get the user details that contain my custom claim data and one to assign roles accordingly. The documentation mentions rate-limiting for the Management API and our peak hours in production contain hundreds of logins per second. What do you think about that scenario?
No problem, happy to help!
I think you are correct in being concerned that this approach will not scale to such a level. This is unfortunately a tricky spot to be in as there aren’t any great options given that each login would require multiple calls to the Management API. This probably wasn’t the best recommendation from the get-go!
Again, there unfortunately isn’t a straightforward solution I’m aware of.
I’m afraid that will not work? My understanding is that it has to be a synchronous operation in order to get the correct content in the returned access token? (The permission claim is deduced from the roles)