Problem statement
I have permissions that I add to the identity token using a custom rule. I need to get those permissions into the access token so our APIs can consume them. I don’t want to make a custom namespaced claim because I would have to change all of my APIs to look for a new property. How can I add properties into the access token “permissions” API?
Solution
To include permissions into the Access Token when authenticating against an API, there is the option to use the toggle in your custom API’s settings to add an array of the user’s permissions to the access token by default.
Navigate to your Auth0 Dashboard > Applications > APIs > YOUR_API > RBAC Settings and enable the Add Permissions in the Access Token toggle. See below for clarity.
This way, you can avoid creating another custom namespace.
However, note that in general, appending custom claims to an Access Token or ID Token must use a namespace. See the Create Custom Claims documentation to learn more.