I am following the getting started tutorial (vuejs)
But I have no idea how to retrieve permission for a particular user. Please show me how to do that. Thanks.
Hey there!
The quickstart doesn’t involve such information but you can use the Management API and make the request to one endpoint to retrieve such data. Here’s how:
It seems like there is a 9 (or 10) endpoints limit.
When I was working on the backend code (spring boot), I can retrieve the permissions from the jwt.
How come in frontend, I need to call another endpoint to get the permissions? Can I just get them from jwt (“permissions” field)?
I pasted jwt passed from auth0 (http://jwt.io) , I can see clearly there’s a “permissions” field that has what I needed.
{
"iss": "https://xxxx/",
"sub": "auth0|xxxxx",
"aud": [
"http://localhost:8080/api",
"https://xxxx"
],
"iat": 1599183033,
"exp": 1599269331,
"azp": "xxx",
"scope": "openid profile email",
"permissions": [
"create:content",
"view:content"
]
}
According to document, management api needs “client_secret” (Overview of Auth0's Management API v2 to update client settings)
Don’t you think putting client secret in javascript file is unsafe?
Btw, I tried it with curl, and I get “{“statusCode”:403,“error”:“Forbidden”,“message”:“Insufficient scope, expected any of: read:users”,“errorCode”:“insufficient_scope”}”
I have added “read:users” in my user. Not sure what goes wrong.