Last Updated: Jul 26, 2024
Overview
This article clarifies whether it is possible to retrieve the user’s Roles and/or Permissions and include them in the JWT Token during the login flow.
Applies To
- Actions
Solution
A Post-Login Action script must be used. Follow the video or steps below for Roles and/or Permissions.
Roles
Make sure that the user has a role by checking their user profile in the Dashboard. To do this:
- Go to Dashboard > User Management > Users and find the user’s profile page.
- Click on the Roles tab.
- If the user has no Roles assigned, click the Assign Roles button and select a role from the dropdown list.
To add the user’s Roles to the token, read the event.authorization.roles property and add it to the Token as a custom claim. See the documentation on creating namespaced custom claims. Below is an example of using a Post Login script to add Roles to the tokens.
/**
 * @param {Event} event - Details about the user and the context in which they are logging in.
 * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login.
 */
exports.onExecutePostLogin = async (event, api) => {
  // Namespace prefix for the custom claim name.
  const namespace = 'https://my-app.example.com';
  // Only add the claim when authorization details are present on the event.
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};
Permissions
For Permissions, use the Management API in Actions to call the Get a User’s Permission endpoint, then include the result in the Token.
The user’s Roles can also be retrieved by calling the Management API’s Get a user’s roles endpoint.
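The Permissions flow described above, as an added example that is not code from the original article or from Auth0. It assumes the auth0 npm package (v4-style API) is added as an Action dependency and that Action secrets named DOMAIN, CLIENT_ID and CLIENT_SECRET (hypothetical names) belong to a Machine-to-Machine application granted only the read:users scope; the helper permissionsForAudience is also hypothetical.

```javascript
// Added example, not Auth0's own code. Assumes the `auth0` npm package (v4 API)
// is an Action dependency and that the secrets DOMAIN, CLIENT_ID, CLIENT_SECRET
// (hypothetical names) hold an M2M application limited to the read:users scope.
const NAMESPACE = 'https://my-app.example.com';
const PER_PAGE = 50;

// Page through the user's permissions and keep only the names that belong to
// the API this token is issued for, so the token does not disclose permissions
// the user holds on other APIs.
async function permissionsForAudience(fetchPage, audience) {
  const names = new Set();
  for (let page = 0; ; page++) {
    const batch = await fetchPage(page, PER_PAGE);
    for (const p of batch) {
      if (p.resource_server_identifier === audience) names.add(p.permission_name);
    }
    if (batch.length < PER_PAGE) break; // short page means last page
  }
  return [...names].sort();
}

async function onExecutePostLogin(event, api) {
  const audience = event.resource_server && event.resource_server.identifier;
  if (!audience) return; // no API requested, so no permissions claim is added

  const { ManagementClient } = require('auth0');
  const management = new ManagementClient({
    domain: event.secrets.DOMAIN,
    clientId: event.secrets.CLIENT_ID,
    clientSecret: event.secrets.CLIENT_SECRET,
  });
  const fetchPage = async (page, per_page) =>
    (await management.users.getPermissions({ id: event.user.user_id, page, per_page })).data;

  try {
    const permissions = await permissionsForAudience(fetchPage, audience);
    api.accessToken.setCustomClaim(`${NAMESPACE}/permissions`, permissions);
  } catch (err) {
    // Fail closed: do not issue a token whose permissions claim is missing.
    api.access.deny('Unable to load permissions');
  }
}
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;
```

Each login makes at least one Management API call, so the Management API rate limits apply to this Action.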
Related References
- Example Use Case: Add User Roles to ID and Access Tokens with Actions
- Post Login Event Object
- Post Login API Object
- Management API Get Permissions Endpoint
- Management API Get User Roles Endpoint
- How can I use the Management API in Actions?
- How do I make an Axios API call and store it as a custom claim using Actions?