Hi, I’m using a rule to enrich my id_token with a “$namespace/permissions” claim.
How can I do the same with a hook: using client credentials grant, my application expects to find the claim in order to validate the authorization.
Where do these permissions come from? Are you using Auth0’s RBAC core feature?
Another question: why do you need the permissions in the ID token and not the access token?
The permissions come from RBAC indeed.
With my SPA app, I read the id_token to get the permissions (am I doing that right?).
With the M2M, you’re saying I can rely on the access_token to get the permissions? I can see indeed a claim “permissions” in it but it is missing my namespace. If I understang correctly the post you’ve quoted I should be able to enrich the access_token on my M2M app with a hook.