Auth0 Home Blog Docs

Having trouble accessing roles on user account via ID or Access Tokens

roles
authorization-extens
authorization
#1

Hi there!

High level:

  • Using Auth0-js with React single-page app
  • Can’t access roles I’ve assigned to an authenticated user via the auth result returned from Auth0

The auth response I receive from Auth0 does not appear to contain any role information.
I’ve added a rule that should show me everything available

Rule:

function (user, context, callback) {
var namespace = ‘https://conservewithus/’;
context.idToken[namespace + ‘everything’] = user;
callback(null, user, context);
}

My current configuration in the JS React code:

const auth0Client = new auth0.WebAuth({
audience: “https://conservewith.us/cms-api/v1”,
clientID: AUTH0_CLIENT_ID,
domain: “conservewithus.auth0.com”,
redirectUri: “http://localhost:8080”,
responseType: “token id_token”,
scope: “openid profile email offline”
});

I even created an API and enabled RBAC and believe I am using that API via the audience key I’ve set in my JS request.

The https://conservewithus/everything exists in my response but logging the entire key still doesn’t include any information about roles.

Any guidance on what I might be missing would be much appreciated. Thanks!

Some last context:
I recently added the Authorization Extension and was playing around with the feature set. After doing some reading, I decided to remove the Authorization Extension and just use Authorization Core. I’m not sure if this would cause standard role behavior to be overwritten?

1 Like
#2

If you want the actual Role you assigned/created, I’m pretty sure you need to do that in a rule. Like so: https://auth0.com/docs/scopes/current/sample-use-cases#add-custom-claims-to-a-token