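exports.onExecutePostLogin = async (event, api) => {
  const namespace = '...';
  // Debug only: writes the full event, including user profile data, to the Action logs.
  console.log(JSON.stringify(event));
  // user_metadata may be undefined, so guard the lookup with optional chaining.
  const assignedPermissions = event.user.user_metadata?.assigned_permissions;
  if (assignedPermissions) {
    api.idToken.setCustomClaim(namespace + 'permissions', assignedPermissions);
  }
  // event.authorization is optional, so check it before reading roles.
  if (event.authorization) {
    api.idToken.setCustomClaim(namespace + 'roles', event.authorization.roles);
  }
  // Marker claim to confirm the Action ran.
  api.idToken.setCustomClaim('Working', 'The action is working');
};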
I now see the ROLES but I need the PERMISSIONS and there isn’t an authorization property for that. How do I grab the Permissions using the action instead?
I have confirmed the roles are mapped in both the API and the User, and the RBAC and permission support are enabled.
But I still don’t see anything (I would expect to see at least weirdo even if getting the permissions is messed up).
User is {"https://secondave.net/roles":[],"https://secondave.net/picture":"https://lh3.googleusercontent.com/a/ACg8ocL7LkvLhW8oA9ZaOx9WczixrQkJJZSE7JeuUdDrY1aD6sE=s96-c","given_name":"Jackie","family_name":"Gleason","nickname":"jackiegleason","name":"Jackie Gleason","picture":"https://lh3.googleusercontent.com/a/ACg8ocL7LkvLhW8oA9ZaOx9WczixrQkJJZSE7JeuUdDrY1aD6sE=s96-c","locale":"en","updated_at":"2024-01-15T15:39:37.218Z","email":"jackiegleason@gmail.com","email_verified":true,"sub":"google-oauth2|111260033634073020811"} SiteBar.jsx:25:12
Also, I am a little confused: if I CAN’T use permissions, why can I use roles? And when I use roles, why are only the permissions included in the access token?
This is basically forcing me to use one for the UI and one for the BE. This seems to add some confusion to my app and it would be easier to just use one or the other. So I am a bit confused on the security difference if the permissions are listed in the JWT access token and anyone can decrypt that to infer the permissions.
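On the last point in the post, as an added example (not part of the original post and not Auth0's code): the payload of a signed JWT is only base64url-encoded, so any holder can read the permissions claim, but a changed claim no longer matches the signature the API verifies. The key pair, claim values and function names are constructed for illustration; a real API would also check `exp`, `iss` and `aud`.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed RSA key pair standing in for the tenant's RS256 signing key.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// What the authorization server does: sign header.payload with the private key.
function signToken(payload) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(payload)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// What any client (or anyone holding the token) can do: read claims with no key.
function decodeClaims(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// What the API must do before trusting permissions: verify the signature.
function verifyToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (header.alg !== 'RS256') return null; // pin the expected algorithm
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  return ok ? decodeClaims(token) : null;
}

// Rewrites the payload but keeps the old signature, as a client without the key would have to.
function withExtraPermission(token, permission) {
  const [h, , s] = token.split('.');
  const claims = decodeClaims(token);
  claims.permissions = [...claims.permissions, permission];
  return `${h}.${b64url(claims)}.${s}`;
}

const issued = signToken({ sub: 'user|constructed', permissions: ['read:reports'] });
const altered = withExtraPermission(issued, 'delete:reports');
console.log('readable without a key:', decodeClaims(issued).permissions);
console.log('issued token accepted:', verifyToken(issued) !== null);
console.log('altered token accepted:', verifyToken(altered) !== null);
```

Claims read in the UI this way are suitable for deciding what to display; the authorization decision belongs to the API after `verifyToken` succeeds.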