I have a Spring (boot) application that uses Auth0 for authentication. I fire the authentication flow in my controller with the Auth0 SDK:
// controller is com.auth0.AuthenticationController controller.buildAuthorizeUrl(req, response, selfUrl + "/auth0/on-after-login") .withScope("openid profile email") .build();
but the token that I receive in the callback does not contains the claim
https://access.control/roles that the sample app uses to read user’s roles. I have the following questions:
- Is the
https://access.control/rolesclaim somewhat standard to get user roles?
- If yes, why is it empty in all of my tokens?