How to Authenticate users through an organization? (Auth0)

I understand I need to append the claim in the token to be able to receive org_id.
Question is - should I append it to the ID token or Access token? In the Auth0 docs it is appended to both - Work with Tokens and Organizations

Then the next question is, how do I actually append it to the token(s)? I have created the organisation, enabled required settings, added roles and permissions through the dashboard, yet I think the last bit that is missing is to create a custom action, I assume?

I tried this example but no luck - How to add Roles and Permissions to the ID Token using Actions?

Any ideas?

Hello @nonameroses welcome to the community!

If you auth a user through an organization either by adding the org_id as a param in the authorize request OR by relying on the organization picker built into Universal Login then the org_id is automatically added as a claim to both the access and ID tokens.

Are you also looking to add roles and permissions to tokens?

Let us know!

How do I add the org_id as a param in the authorize request?

I forked from this Angular Auth0 example GitHub - auth0-developer-hub/spa_angular_typescript_hello-world at basic-authentication-with-api-integration

Yet I fail to find the part where the param is actually built, unless it is in set-env.ts, which is what I tried adding to, but had no luck.

And yes, I do use Universal Login, however, it did not automatically add the claim to my tokens for some reason. Like I mentioned before, I do have an Organisation created, and along with it I created some permissions and roles. I have assigned a role/permissions to my user as well, however, in my token I can’t see the permissions/roles either.

Some screen shots -

This would be added in AuthorizationParams.

What does the flow look like when you log a user in? At some point does the user choose which organization to login to?

Are you passing an audience param anywhere? The sample you’ve linked to doesn’t look to include an audience by default either - This will need to match the identifier of the API where you have toggled RBAC and to include permissions in the access token.
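
As an added example that is not from the thread or from Auth0's samples: the `organization` and `audience` authorize parameters discussed above, plus a debugging check that a returned token carries the `org_id` and `permissions` claims. The domain, client ID, organization ID, API identifier and sample tokens are constructed placeholders, and the payload is decoded without signature verification, so this is for inspection only.

```javascript
// Added example. Domain, client ID, org ID and API identifier are placeholders.
// The real SDK also adds state, nonce and PKCE parameters to this URL.
function buildAuthorizeUrl({ domain, clientId, redirectUri, organization, audience }) {
  const params = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: "openid profile email",
  });
  if (organization) params.set("organization", organization); // yields the org_id claim
  if (audience) params.set("audience", audience); // API identifier with RBAC enabled
  return `https://${domain}/authorize?${params.toString()}`;
}

// Decode a JWT payload WITHOUT verifying the signature: debugging only.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null; // e.g. an opaque access token
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  try {
    return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
  } catch {
    return null;
  }
}

// Report why a token lacks the organization or RBAC claims discussed above.
function diagnoseToken(token, expectedOrgId) {
  const claims = decodePayload(token);
  if (!claims) return ["not a decodable JWT"];
  const problems = [];
  if (!claims.org_id) problems.push("org_id missing");
  else if (claims.org_id !== expectedOrgId) problems.push("org_id mismatch");
  if (!Array.isArray(claims.permissions) || claims.permissions.length === 0)
    problems.push("permissions missing");
  return problems;
}

// Constructed sample tokens (fake signature), for illustration only.
const b64url = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const makeToken = (payload) => `${b64url({ alg: "RS256", typ: "JWT" })}.${b64url(payload)}.sig`;

const goodToken = makeToken({ sub: "auth0|123", org_id: "org_EXAMPLE", permissions: ["read:messages"] });
const noOrgToken = makeToken({ sub: "auth0|123" });
```

An API that accepts these tokens still has to verify the signature, issuer and audience with a JWT library before trusting `org_id` or `permissions`.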
