Extract roles from authentication token in login callback

I have a Spring (Boot) application that uses Auth0 for authentication. I fire the authentication flow in my controller with the Auth0 SDK:

// controller is com.auth0.AuthenticationController
controller.buildAuthorizeUrl(req, response, selfUrl + "/auth0/on-after-login")
                .withScope("openid profile email")
                .build();

but the token that I receive in the callback does not contain the claim https://access.control/roles that the sample app uses to read the user's roles. I have the following questions:

  • Is the https://access.control/roles claim somewhat standard to get user roles?
  • If yes, why is it empty in all of my tokens?

Meh, this community doesn’t work well for getting support. Anyway, I solved it by myself using this custom rule:

function (user, context, callback) {
  // https://auth0.com/docs/authorization/concepts/sample-use-cases-rules#add-user-roles-to-tokens
  const namespace = 'https://access.control';
  const assignedRoles = (context.authorization || {}).roles;

  let idTokenClaims = context.idToken || {};
  let accessTokenClaims = context.accessToken || {};

  idTokenClaims[`${namespace}/roles`] = assignedRoles;
  accessTokenClaims[`${namespace}/roles`] = assignedRoles;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  callback(null, user, context);
}

from this page.

I think the rule should at least be mentioned in the relevant examples like this one.
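
An added example (not part of the original post and not Auth0's own code): a local Node.js harness that runs a rule of the same shape as the one above against constructed `context` objects, then reads the namespaced claim back the way a login callback would once the SDK has validated the token. The names `addRolesRule`, `runRule` and `rolesFromClaims`, and the choice to emit an empty array when no roles are assigned, are assumptions of this sketch.

```javascript
const NAMESPACE = 'https://access.control';
const ROLES_CLAIM = `${NAMESPACE}/roles`;

// Same shape as the rule in the post, except that a user with no assigned
// roles gets an explicit empty array (an assumption of this example).
function addRolesRule(user, context, callback) {
  const assignedRoles = (context.authorization || {}).roles || [];
  context.idToken = Object.assign(context.idToken || {}, { [ROLES_CLAIM]: assignedRoles });
  context.accessToken = Object.assign(context.accessToken || {}, { [ROLES_CLAIM]: assignedRoles });
  callback(null, user, context);
}

// Hypothetical local harness: invokes the rule and returns the ID token
// claims as they look after JSON serialization (undefined values vanish).
function runRule(rule, context) {
  let claims;
  rule({ user_id: 'constructed|1' }, context, (err, user, ctx) => {
    if (err) throw err;
    claims = JSON.parse(JSON.stringify(ctx.idToken));
  });
  return claims;
}

// Consumer side: read roles from claims of an already-validated token.
// Anything that is not an array of strings is treated as "no roles",
// so a missing or malformed claim never grants access.
function rolesFromClaims(claims) {
  const value = claims ? claims[ROLES_CLAIM] : undefined;
  if (!Array.isArray(value)) return [];
  return value.filter((role) => typeof role === 'string');
}

// Constructed sample inputs.
const withRoles = runRule(addRolesRule, { authorization: { roles: ['admin', 'editor'] } });
const withoutAuthz = runRule(addRolesRule, {});
const noRule = { sub: 'constructed|1' }; // claims of a token issued without the rule

console.log(rolesFromClaims(withRoles));    // [ 'admin', 'editor' ]
console.log(rolesFromClaims(withoutAuthz)); // []
console.log(rolesFromClaims(noRule));       // []
```

The third case is the situation from the question: without the rule the claim is simply absent, so the callback has to treat "no claim" as "no roles" rather than fail or fall back to a default role.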
