Conditionally add scope based on Auth0 role

Hi there!

Could you help me with the following? Currently our application (.NET Core API) is protected by using [Authorize("myscope")].

A small number of the users defined in our Auth0 tenant have a custom role, Manager.

Would it be possible to conditionally add this scope myscope to the user’s token only if the user has this role? Would this even be a secure solution or do we need to add the role to the token and check that in the application?

Best regards,

Emiel

Hi @emiel.koning,

Thanks for reaching out to the Auth0 Community!

Yes, it is possible to conditionally add any scope you want to the user’s access token.

To do so, you’ll need to use Auth0 Rules and use the context.authorization.roles object to determine if your user matches the Manager role and then modify the context.accessToken.scope object to add your custom scopes.

Doing so will allow you to add scopes to the user’s access token conditionally.

You may find our Context Object Properties in Rules documentation helpful.

Please let me know if there’s anything else I can do to help.

Thank you.
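A Rule along the lines of the reply above, as an added example that is not part of the original post and not Auth0's own code. The role name Manager and the scope myscope come from the question; the function name, the runRule helper and the sample contexts are constructed for illustration, and the code assumes the requested scopes arrive as a space-separated string in context.request.query.scope or context.request.body.scope. It also removes myscope for users without the role, so that a client requesting the scope is not enough to receive it.

```javascript
// Added example, not Auth0's own code. ROLE and SCOPE are taken from the question.
const ROLE = 'Manager';
const SCOPE = 'myscope';

// Rule body: same (user, context, callback) signature that Auth0 Rules use.
function addScopeForManagers(user, context, callback) {
  // Role names assigned to the user (empty when none are assigned).
  const roles = (context.authorization && context.authorization.roles) || [];

  // Scopes the client asked for. Assumption: space-separated string in the
  // query string or in the request body, depending on the flow.
  const req = context.request || {};
  const requested =
    (req.query && req.query.scope) || (req.body && req.body.scope) || '';

  // Start from the requested scopes with SCOPE always removed, so that simply
  // asking for it never grants it.
  const scopes = requested.split(' ').filter((s) => s && s !== SCOPE);

  // Grant SCOPE only on the basis of the role assignment.
  if (roles.includes(ROLE)) scopes.push(SCOPE);

  context.accessToken = context.accessToken || {};
  context.accessToken.scope = scopes;
  return callback(null, user, context);
}

// Constructed harness: runs the rule outside Auth0 against a hand-built context.
function runRule(roles, requestedScope) {
  const context = {
    authorization: { roles },
    request: { query: { scope: requestedScope } },
    accessToken: {},
  };
  let result;
  addScopeForManagers({ email: 'user@example.com' }, context, (err, u, ctx) => {
    if (err) throw err;
    result = ctx.accessToken.scope;
  });
  return result;
}

console.log(runRule(['Manager'], 'openid profile'));
console.log(runRule([], 'openid profile myscope'));
```

On the API side, [Authorize("myscope")] still has to be backed by a policy that checks the scope claim of a validated access token; the Rule only decides which tokens carry it.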
