Problem statement
Auth0’s actions provide access to an authorization object on the event that is documented to contain the roles that are assigned to the user. However, I need access to the permissions associated with the roles, and I’d like to not use the API Management client primarily to avoid network overhead and potentially being restricted by rate limits associated with calls to the API Management endpoints.
There is a setting within the API resource for “Add[ing] Permissions to the Access Token” that we have toggled on. When the access token is received from Auth0, it has these permissions. When are these appended to the access token? Can I access these within an Action so I can enhance them without needing to call the API Management endpoints?
Solution
Unfortunately, a user’s permissions are not currently accessible in Post-Login Actions.
If you would like to see this functionality in a future release of Auth0, we would encourage you to submit a feature request using this form: Auth0 Feedback. This is a direct line to our Product team and the best way to communicate your needs.