Hello everyone,
It’s my first time using Auth0, and I need to add all permissions the user has to the access token.
I need it because the admin has the option to create roles with permissions in the application. But the functionality in the front-end needs to be different depending on user permissions, not user role.
The role is just a way to group the permissions and save time adding a new user to the system.
At the moment, I’ve created an Action with this code:
```js
exports.onExecutePostLogin = async (event, api) => {
  // Management API client; credentials come from the Action's secrets
  const ManagementClient = require('auth0').ManagementClient;
  const management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret,
  });

  // Namespaced name for the custom claim
  const claimName = 'http://roles/permissions';

  // Fetch the permissions assigned to the user who is logging in
  const params = { id: event.user.user_id };
  const p = await management.getUserPermissions(params);
  const permissionsArr = p.map(function (n) {
    return n.permission_name;
  });

  // Add the permission names to both the ID token and the access token
  api.idToken.setCustomClaim(claimName, { permissions: permissionsArr });
  api.accessToken.setCustomClaim(claimName, { permissions: permissionsArr });
};
```
It works, but the claim is being added two times to the idToken, and probably the same is happening to the accessToken (not sure about this one).
Can anyone help me out?
[Edit]
I just learned that it must be “duplicated”; the same happens when there’s more than one role assigned to the user.
I had no idea of that.
My only question now is how I may check the user permissions the same way as with roles.
I am using Blazor, so for role verification, I use this at the top of the Razor page:

```razor
@attribute [Authorize(Roles = "Admin")]
```
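
One way to check a permission the way roles are checked is ASP.NET Core policy-based authorization. The sketch below is an added example, not part of the original post. It assumes the `http://roles/permissions` claim set by the Action reaches the `ClaimsPrincipal` as a JSON string; the policy name `CanEditUsers` and the permission `edit:users` are hypothetical.

```csharp
// Added example. Assumption: the claim value arrives as JSON text such as
// {"permissions":["read:users","edit:users"]} (constructed sample).
using System.Linq;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public sealed class PermissionRequirement : IAuthorizationRequirement
{
    public PermissionRequirement(string permission) => Permission = permission;
    public string Permission { get; }
}

public sealed class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    private const string ClaimName = "http://roles/permissions"; // set by the Action

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        // Succeed only when a claim lists the permission; otherwise the policy fails.
        if (context.User.FindAll(ClaimName)
                .Any(c => HasPermission(c.Value, requirement.Permission)))
            context.Succeed(requirement);
        return Task.CompletedTask;
    }

    private static bool HasPermission(string json, string wanted)
    {
        try
        {
            using var doc = JsonDocument.Parse(json);
            var root = doc.RootElement;
            return root.ValueKind == JsonValueKind.Object
                && root.TryGetProperty("permissions", out var list)
                && list.ValueKind == JsonValueKind.Array
                && list.EnumerateArray().Any(p =>
                    p.ValueKind == JsonValueKind.String && p.GetString() == wanted);
        }
        catch (JsonException)
        {
            return false; // a malformed claim value grants nothing
        }
    }
}
// Program.cs (hypothetical policy name and permission):
//   builder.Services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
//   builder.Services.AddAuthorizationCore(o => o.AddPolicy("CanEditUsers",
//       p => p.AddRequirements(new PermissionRequirement("edit:users"))));
// Razor page:  @attribute [Authorize(Policy = "CanEditUsers")]
```

A check in the Blazor UI only controls what is shown; the API behind it should enforce the same permissions from the validated access token.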