Getting scope back in getIdTokenClaims (Vue)

I’ve been trying to get the user roles and permissions back in the client, but can’t seem to get it to be returned.
I’m using Vue, integrated Auth0 with the Vue integration guide and am now trying to follow the instructions here: Auth0 Configuration (SPAs + API).

I’ve installed the Authentication extension and implemented the rules as described.

Help!! :slight_smile:

Hi @guangmian_auth0,

Can you give us some more detail? Are you getting any errors? Are you requesting scopes with the token? Roles will not be added to the token by default. Posting your code could help narrow things down.

In addition, we are offering user roles and permissions as a core feature, I would recommend using that if you don’t have any reason to stay with the extension.

Let me know.


Hi Dan,

Thanks for the response.

Here is my code in Vue:

      <img :src="$auth.user.picture" />
      <h2>{{ token }}</h2>
      <pre>{{ JSON.stringify($auth.profile, null, 2) }}</pre>

export default {
  data() {
    return {
      token: 0
  mounted() {

      this.$auth.getIdTokenClaims().then(accessToken => (this.token = accessToken));

Then the response I get back for {{token}} is only this:

  "__raw": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlJVUTJOMFExT0RjMU1qZ3lNakk1TTBNM1FqVTJORE5ETXpFelF6VkRNVE5GUXpjMFFrUkdNdyJ9.eyJuaWNrbmFtZSI6Imd1YW5nbWlhbiIsIm5hbWUiOiJndWFuZ21pYW5AZ21h**********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-sKlnbEhFlhG6YazpqVajcNUeBeCeNjNBs9lgOVd3XYBiPIZMKT4tfVeh7KSeYBLNwAlX78MtXu9N9RQpRUvYEjnTfOYphO_kwgDnSuvAlpbYAPWOYPhNFlnhaFVAXJCmd1e3jD89NHY44Lk48l62X4C40KdjTDGMKyZMKQpGCTREVFRHCQ6pVDNm6x3xVt02xW_vENIOaNVuShquzhhtYO3sjTLeJnHY9U6C-Ki5bgxyaEPz6ZtGQN8Jde-I2qPUHbECuh7Q",
  "nickname": "**********",
  "name": "g***********",
  "picture": "**********?s=480&r=pg&",
  "updated_at": "2019-10-23T21:39:45.969Z",
  "email": "g**********",
  "email_verified": false,
  "iss": "https://de****",
  "sub": "auth0|5dacc2**********d0e29505fba",
  "aud": "lPhn4UqQZI**********iGet213K6",
  "iat": 157**89478,
  "exp": 1572***478,
  "nonce": "AuRrXp1**********U3hS9Kj8"

I’d have loved to just use your core functionalities but your documentation here instructs everyone explicitly to use the Authorisation Extension to get back the scope and permissions in the API response. Is this out-of-date? The


That doc is technically correct, but it may be helpful in the future if you were to switch to the core authorization features as the extension will be eventually deprecated. I have opened a discussion with the team about the topic as a result of this conversation. I will update here when I have a clear answer.

For now we can move forward with the way the doc describes. When debugging in a rule, are you able to see that the roles and permissions are available? You can us a console log to see if the roles and permissions are available.

Let me know.


Update: the scenario is currently being rewritten, but either solution is viable at this time.

If you were to use the core RBAC functionality, adding roles to the token can be done like this.