How to configure user API permissions

doaa.farouk07 · November 9, 2024, 6:50pm

Hello,
I created an API in the dashboard with two permissions read:photo and write:photo.
Now any user token against the api audience url, it has by default all the scopes (read:photo and write:photo), though the user is not assigned any permissions (in the users section), how can i configure the default permissions per user.

Please also find my sample authentication request body for a specific user:

grant_type=password&audience=api_url&username=username&password=pass&client_id=myClientId&client_secret=myClientSecret&scope=offline_access

Fario_Consulting · November 11, 2024, 10:03am

Hi,
You could implement access policies through rules. You would need to check the app_metadata for the user during token issuance and include only the scopes that match the policy defined there

Topic		Replies	Views
Configure permission on client Help	4	1755	November 5, 2021
How do I restrict scopes in auth_token based on user profile? Help rules , scopes , access_token , access-token , jwtconfiguration	2	5008	March 2, 2018
How to assign custom scopes to users? Help users , scopes , api-authorization	6	14750	December 7, 2020
How to validate user role or permissions from my API Help user-profile , user-management	0	1250	June 30, 2023
How do i control the access to api management in Auth0 according to user previleges? Help management-api , grants	2	992	May 5, 2023

How to configure user API permissions

Related Topics