Hooks and id_token

Hi, I’m using a rule to enrich my id_token with a “$namespace/permissions” claim.
How can I do the same with a hook: using client credentials grant, my application expects to find the claim in order to validate the authorization.

Thank you in advance,

Where do these permissions come from? Are you using Auth0’s RBAC core feature?
Another question: why do you need the permissions in the ID token and not the access token?

This might be a helpful post:

1 Like

The permissions come from RBAC indeed.
With my SPA app, I read the id_token to get the permissions (am I doing that right?).
With the M2M, you’re saying I can rely on the access_token to get the permissions? I can see indeed a claim “permissions” in it but it is missing my namespace. If I understang correctly the post you’ve quoted I should be able to enrich the access_token on my M2M app with a hook.

access_token['https://namespace/permissions'] = scope;

Ok, I’ve tried adding the following hook, and it does what I need. Thank you for your quick and efficient response!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.