Hi there, I’m using the Authorization extension and I created a rule to put the groups and roles of a user into a custom claim in the access token for my API, under “[namespace]/groups” and “[namespace]/roles” respectively. That works just fine.
However, I’m trying to figure out how to integrate that with Spring Security. I looked at this link: JWT with roles for Spring Security
It’s outdated and references the old Auth0 Spring SDK, but I’m going to assume it’s still accurate in the idea that Spring looks at the “scope” attribute of the JWT and parses groups/roles/permissions from there.
If so, does that mean I will have to manually go through the groups and roles I put in the access token and put them into the scope field instead? If so, how would I go about doing that effectively? If not, what is a viable way?