I have created an Action that includes the user's permissions in the ID token (hopefully this helps someone, since I couldn't find an example):
/**
 * Post-login Action handler: looks up the permissions assigned to the user
 * who is logging in and copies their names into a custom ID-token claim.
 *
 * Security notes for anyone reusing this:
 * - The claim is written to the ID token only. An ID token describes the user
 *   to the client application; an API should make authorization decisions from
 *   the access token it validates, not from this claim.
 * - The handler fails open: if the lookup throws, the error is logged and the
 *   login continues without the claim. Consumers must treat a missing claim as
 *   "no permissions", never as "unrestricted".
 * - The client credentials come from event.secrets. Presumably that
 *   machine-to-machine client should hold only the scope needed to read user
 *   permissions - verify its grants in the tenant.
 *
 * @param {object} event - Login context; reads event.secrets.domain,
 *   event.secrets.clientId, event.secrets.clientSecret and event.user.user_id.
 * @param {object} api - Action API; only api.idToken.setCustomClaim is used.
 * @returns {Promise<void>}
 */
exports.onExecutePostLogin = async (event, api) => {
  const { ManagementClient } = require('auth0');

  const { domain, clientId, clientSecret } = event.secrets;
  const managementApi = new ManagementClient({ domain, clientId, clientSecret });

  const userQuery = { id: event.user.user_id };

  // NOTE(review): the post reports that a claim named "permissions" never
  // reaches the token while "permission" does. Auth0 documents a list of
  // restricted claim names - confirm against the current docs. A namespaced
  // (URL-style) claim name is the usual way to avoid such collisions.
  const claimName = 'permission';

  try {
    // NOTE(review): no paging arguments are passed, so this presumably returns
    // only the first page of results; a user with many permissions could get a
    // truncated claim - TODO confirm the default page size.
    const response = await managementApi.users.getPermissions(userQuery);
    const names = response.data.map((item) => item.permission_name);
    api.idToken.setCustomClaim(claimName, names);
  } catch (err) {
    // Best effort: the failure is logged and the login is not blocked.
    console.log(err);
  }
};
If I try to use “permissions” as the claim name, which is what I would like to do for consistency, it does not add anything to the token. However, changing it to ‘permission’ does work.
Is this reserved?