Group Id verification in backend API

Hi,

Is there a way to add the Group Id to the access token in a rule/action?

My backend API needs to restrict the data returned based on the user’s group(s).
The default rule for adding groups from the authorization extension only adds the group name rather than the group id.
While helpful, this could lead to problems as the group name could easily change.

I would use organizations and organization id, but this is restricted to the Enterprise plan so that is out.

Are there any other/better options than either:

  1. Make an additional authorization extension API call in the custom rule to retrieve the user’s groups, parse the returned IDs, and add a custom claim

Or:

  1. Have the backend API make calls to the authorization extension ‘api/groups’ endpoint to get a list of all group names/ids and then map the group names received on the access token to the appropriate group id

I found related questions, but no real answers:

Thanks

Hi @rwa,

Welcome to the Auth0 Community!

Thanks for posting a really well-thought-out question. You’ve mentioned the two approaches that I would have suggested.

Unfortunately, there is no silver bullet here, and you will have to implement one of the solutions you described. Let me know if you have any specific questions about it.
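
The second option from the question (the backend maps group names from the access token to group ids), sketched as an added example that is not part of the original thread or Auth0's own code. The claim name, helper names, and sample data are hypothetical, and it assumes the `api/groups` response lists groups as objects carrying `_id` and `name`:

```javascript
// Added example: constructed data and hypothetical names throughout.
const GROUPS_CLAIM = 'https://example.com/groups'; // hypothetical namespaced claim

// Constructed sample of what the group list is assumed to look like.
const SAMPLE_GROUPS = [
  { _id: 'grp-001', name: 'Finance' },
  { _id: 'grp-002', name: 'Dup' },
  { _id: 'grp-003', name: 'Dup' }, // duplicate name: must not resolve
];

// Build a name -> id index. A name seen more than once is stored as null
// so an ambiguous name can never resolve to the wrong group.
function buildGroupIndex(groups) {
  const index = new Map();
  for (const g of groups) {
    if (typeof g._id !== 'string' || typeof g.name !== 'string') continue;
    index.set(g.name, index.has(g.name) ? null : g._id);
  }
  return index;
}

// Map group names from an already-verified token payload to group ids.
// Unknown or ambiguous names grant nothing and are returned for logging.
function resolveGroupIds(index, payload) {
  const claim = payload[GROUPS_CLAIM];
  const names = Array.isArray(claim) ? claim : [];
  const ids = [];
  const unresolved = [];
  for (const name of names) {
    const id = typeof name === 'string' ? index.get(name) : undefined;
    if (id) ids.push(id);
    else unresolved.push(name);
  }
  return { ids, unresolved };
}

// Cache the index so the group list is not fetched on every request.
// fetchGroups is injected; in production it would be the authenticated
// call to the extension's api/groups endpoint.
function createGroupCache(fetchGroups, ttlMs) {
  let index = null;
  let loadedAt = 0;
  return async function getIndex(now = Date.now()) {
    if (!index || now - loadedAt > ttlMs) {
      index = buildGroupIndex(await fetchGroups());
      loadedAt = now;
    }
    return index;
  };
}
```

A token issued before a group was renamed still carries the old name, so that name lands in `unresolved` and grants no access until a new token is issued.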