How to fetch roles with permissions dynamically as part of access token, if user has multiple roles and permissions

I added the rule below; it currently puts roles and permissions into the access token separately (the decoded token is attached further down). What I am expecting instead is a JSON structure in the access token where each role is associated with its own permissions, like this:

  1. role-a
    create:orders
    update:orders
  2. role-b
    create:products
    update:products
    delete:products
    list:products

// rule

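// Auth0 rule: copies the user's roles, the flattened list of permission names
// and any user/app metadata into namespaced claims on the ID and access tokens.
//
// @param {object} user - the authenticating user (reads user_id, user_metadata,
//   app_metadata)
// @param {object} context - rule context; reads context.authorization.roles and
//   writes namespaced claims onto context.idToken and context.accessToken
// @param {function} callback - Auth0 rule callback: callback(err) on failure,
//   callback(null, user, context) on success
async function(user, context, callback) {
  const namespace = 'https://user';
  const ManagementClient = require('auth0@2.17.0').ManagementClient;
  // `auth0` is the rule-sandbox global carrying a Management API token and the
  // tenant domain; it is not declared in this file.
  const management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });

  let assignedPermissions;
  try {
    // Only the first page (50 entries) is fetched; a user with more direct
    // permissions gets a truncated claim. `include_totals` makes `total`
    // available if paging is added later.
    const params = { id: user.user_id, page: 0, per_page: 50, include_totals: true };
    const permissions = await management.getUserPermissions(params);
    // Native map instead of the `array-map` package; tolerate a missing list.
    assignedPermissions = (permissions.permissions || []).map((p) => p.permission_name);
  } catch (err) {
    // A rejected Management API call would otherwise leave the rule without any
    // callback invocation; surface it so the login fails visibly instead.
    return callback(err);
  }

  // Roles come from the Authorization Core; fall back to a Guest role when the
  // user has none assigned.
  const assignedRoles = context.authorization ? context.authorization.roles : null;
  const roleClaim = assignedRoles ? assignedRoles : ['Guest'];

  // Each token is guarded independently: the original write to accessToken was
  // only guarded by the presence of idToken, which is a TypeError waiting to
  // happen. Metadata is copied verbatim and is NOT logged here, because rule
  // logs would otherwise retain per-user PII.
  const setClaims = (claims) => {
    claims[`${namespace}/roles`] = roleClaim;
    claims[`${namespace}/permissions`] = assignedPermissions;
    // user_metadata is editable by the end user, so APIs consuming the access
    // token must not base authorization decisions on it; app_metadata is the
    // tenant-controlled blob.
    if (user.user_metadata) {
      claims[`${namespace}/user_metadata`] = user.user_metadata;
    }
    if (user.app_metadata) {
      claims[`${namespace}/app_metadata`] = user.app_metadata;
    }
  };

  if (context.idToken) {
    setClaims(context.idToken);
  }
  if (context.accessToken) {
    setClaims(context.accessToken);
  }

  callback(null, user, context);
}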

// jwt decoded token


{
  "https://user/roles": [
    "role-a",
    "role-b"
  ],
  "https://user/permissions": [
    "create:role_members",
    "create:users"
  ],

Hey there @selvi!

I’m not sure there is a straightforward way to associate roles with their specific permissions. Out of curiosity, what is the use case where this is needed? Specifically, if the token already carries the correct roles and permissions, why does it matter that they are associated with each other?

I suppose you could use the Management API to fetch the permissions granted by each specific role and build the association that way :slight_smile:

Let us know!
