How do I add a default role & permissions to a user?

Continuing the discussion from How do I add a default role to a new user on first login?:

Following this discussion, I implemented the rule to add the default role.

This will however only add the granted permissions when the user logs in a second time.

How can I make sure that the user gets his role & permissions even in the first logins token?


I have the same problem. Have you found a solution yet?

I’ve found an ugly hack, but not really a solution: The client has to immediately refresh on first login. The second token will be correct.

I’m also looking for a solution that will include the permissions in the access token on first login without forcing the client to refresh the access token. @dan.woda Are you able to assist and update the FAQ?

There are several threads on this topic with no clear answer:


You will have to force a token refresh on first login to get the role’s permissions in the AT. You should be able to do this silently without the user providing credentials.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.