Auth0 Home Blog Docs

Cannot get authorization (roles, permissions) data in user data

Hello, I’m trying to get an account’s roles and permissions then add them to idToken as custom claims. But it seems like I missed something or misconfigured so authorization extension doesn’t work as I expected. Please help

What I’ve done:

  1. Create an API named ‘New API’. A machine-to-machine app was also created automatically after this step.

  2. Define scopes of New API, including ‘read:data’, ‘create:data’, ‘delete:data’.

  3. Install authorization extension.

  4. Create permissions with names exactly same as scope names in step 2

  5. Create role ‘New API Manager’ with all 3 permissions created in step 4.

  6. Create a group named ‘KMS’.

  7. Add an user to role ‘New API manager’ and group ‘KMS’

  8. In Authorization configuration, enable token contents ‘groups’, ‘roles’, ‘permissions’. Then Publish Rule

  9. Add new rule with following code:

    function (user, context, callback) {
    const namespace = ‘’;
    context.idToken[namespace + ‘permissions’] = user.permissions;
    context.idToken[namespace + ‘groups’] = user.groups;
    callback(null, user, context);

  10. When I try to login with the user in step 7, I check the rule log in ‘Debug rule’, and here’s the information. The question is why am I only receiving ‘groups’, while ‘roles’ and ‘permissions’ fields are empty arrays

Here’s the user I logged in

Here’s the idToken payload

Hey there @huyennbl!

I’ve managed to reproduce what you wanted to achieve step by step. It seems like you’ve chosen the wrong application when setting up roles and permissions which I also confirmed using our internal admin tools. Here’s the doc reference:

Looking at this doc: “The roles that you will create will depend on the access to certain permissions in your application”

You also need to take care of the fact that you need to initiate the login flow from the same application.

Let me know if that work for you!

Thanks for your support, I’m not sure what you mean by ‘chosen wrong application’ because I have only 1 option.
I tried removed all the app, api, roles settings, then do it again, and now it works.

okok glad to hear that! Thought you have multiple apps set for testing purposes and that you’ve just not chosen the right one.

Stoked it worked for you in the end!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.