Auth0 Home Blog Docs

How do I get role claims added to my access token?

This seems like such a simple question. How do I get role claims added to my access token?

I am using RBAC having enabled it on my API.

I am successfully receiving permissions claims as well.

What I am hoping for is to add roles claims alongside those permissions claims.

Everything I search for seems to take me back to creating a Rule and the example of creating an “admin” or “user” role claim based on the “Set roles to a user” Rule template:

This template assumes that the roles you want added to the token are based on the domain of the email address of the user. That is not what I want at all.

What I want is to add the roles I have associated with a user through the Users & Roles feature in the Management Dashboard.

How do I do that?

Here is an example of the claims I am receiving in my access token now:

[{
		"type": "iss",
		"value": "https://centurysoftwaretech.auth0.com/"
	}, {
		"type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
		"value": "google-oauth2|REDACTED"
	}, {
		"type": "aud",
		"value": "http://localhost/auth0testapi"
	}, {
		"type": "aud",
		"value": "https://centurysoftwaretech.auth0.com/userinfo"
	}, {
		"type": "iat",
		"value": "1564432797"
	}, {
		"type": "exp",
		"value": "1564519197"
	}, {
		"type": "azp",
		"value": "REDACTED"
	}, {
		"type": "scope",
		"value": "openid"
	}, {
		"type": "permissions",
		"value": "read:messages"
	}, {
		"type": "permissions",
		"value": "read:values"
	}, {
		"type": "permissions",
		"value": "write:values"
	}
]

Please advise. Thank you.
Jack

I tried the following but it had no effect.

I created a Rule named “Add role claim” and provided the following as its body:

function (user, context, callback) {
  
  var roleClaim = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
  
  context.accessToken[roleClaim] = user.roles;
  
  callback(null, user, context);
}

It had no discernible effect on my claims.

What is the secret?