How to configure user API permissions

doaa.farouk07 · November 9, 2024, 6:50pm

Hello,
I created an API in the dashboard with two permissions read:photo and write:photo.
Now any user token against the api audience url, it has by default all the scopes (read:photo and write:photo), though the user is not assigned any permissions (in the users section), how can i configure the default permissions per user.

Please also find my sample authentication request body for a specific user:

grant_type=password&audience=api_url&username=username&password=pass&client_id=myClientId&client_secret=myClientSecret&scope=offline_access

Fario_Consulting · November 11, 2024, 10:03am

Hi,
You could implement access policies through rules. You would need to check the app_metadata for the user during token issuance and include only the scopes that match the policy defined there

system · March 31, 2025, 6:37pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure permission on client Get Help	4	1771	November 5, 2021
How do I restrict scopes in auth_token based on user profile? Get Help rules , scopes , access_token , access-token , jwtconfiguration	2	5012	March 2, 2018
How to assign custom scopes to users? Get Help users , scopes , api-authorization	6	14795	December 7, 2020
How to validate user role or permissions from my API Get Help user-profile , user-management	0	1324	June 30, 2023
How do i control the access to api management in Auth0 according to user previleges? Get Help management-api , grants	2	1001	May 5, 2023

How to configure user API permissions

Related topics