I have created an API and added some custom scopes, such as Message:Read, Users:Delete. Where do I assign these scopes to a user? For example, that user Bob has the scope Message:Read.

The recent recommendations for how to implement this with Auth0 RBAC can be found on this QA.

If you want to restrict the set of scopes that can be requested on a per-user basis then you can do so by implementing the associated access policy through rules . A very simple rule example with an hardcoded access policy follows: function (user, context, callback) { var _ = require("lodash"); …

Thanks, But I thought I can apply the scopes to a User in the App_MetaData field? Or have I misunderstood. Essentially, I want to secure certain RESTful endpoints to only those users who have the permission. Thanks

You can store the information that allows you to make the decision in app_metadata; however, you would still use the rule to check if the user has the right app_metadata information and issue the token with the scopes in accordance to the metadata.

How to assign custom scopes to users?

Get Help

Topic		Replies	Views
What are the options for custom scopes per user and per Client. Get Help rules , custom-database , scopes	2	4153	December 17, 2018
How do I restrict scopes in auth_token based on user profile? Get Help rules , scopes , access_token , access-token , jwtconfiguration	2	5037	March 2, 2018
Insufficient Scope error. Token does not contains scopes JWT.io jwt , auth0	3	12310	December 27, 2018
Unable to set custom scopes after login Get Help auth0 , rules , scopes , scope	2	3948	August 1, 2019
Set scope based on user metadata Get Help roles , user-metadata , scope	2	7032	March 2, 2018

How to assign custom scopes to users?

Related topics