It’s possible I’ve overlooked an existing feature but want to clarify intent of functionality as it relates to Rules and RBAC.
RBAC looks like something that Auth0 is investing in expanding the capabilities for and will eventually phase out the authorization extension (as a couple blog posts suggest)
There is also a default “set roles to a user role” rule that this article outlines https://auth0.com/rules/roles-creation
When using a Rule to specify a user role, the role information becomes available in the access token/id token (however you’ve configured the rule) HOWEVER the actual role in the system is NOT updated to contain that user.
I found this documentation that outlines how to add users to roles through the management api: https://auth0.com/docs/api/management/v2/#!/Roles/post_role_users
My question is really, when using the rule approach, is it intended that the user is not added to the role definition?
What is the latest best practice for “auto-provisioning” users to roles within the tenant?