How to set app roles/permissions directly in enterprise IDP

I have an Okta enterprise connection for my Auth0 app. This Okta connection allows my customer to control which users in their organization have access to my application directly (in Okta). I would like to also allow my customer to set permissions to different features in my application directly in Okta. I was thinking that they could add custom claims to the tokens that Okta sends to Auth0, then I could pass those claims on to my app in the token that Auth0 sends to my app. I was thinking this would be possible by accessing the original (Okta) token in the context provided to an Auth0 action. The Auth0 action would grab the custom claims from the original (Okta) token, and then set those claims using the api.accessToken.setCustomClaim function. For logins that use enterprise connections (or social connections, or any type of external connection for that matter), is the original access token supplied by the third-party IDP (Okta in my case) available to Auth0 actions? If not, is there another way that my customer could set permissions for my app in their IDP (Okta)?

The original access token provided by Okta is not available to Auth0 Actions. However, you can use Auth0’s Rules feature or the Authorization Extension to achieve your desired functionality.


Thank you @arjunsuhass! I see that I am able to get the incoming (in my case, Okta) access token within an Auth0 Rule via the user context object. Specifically, it is in the user.identities array (e.g. user.identities[0].access_token).
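As an added illustration (not code from this thread, from Auth0 or from Okta), a Rule in the style the reply describes: it reads user.identities[0].access_token, decodes the JWT payload, and forwards only allow-listed values of an assumed Okta claim app_permissions into a namespaced claim on the Auth0-issued access token. The namespace, the upstream claim name and the permission names are assumptions, and opaque or malformed upstream tokens yield no permissions.

```javascript
const NAMESPACE = 'https://example.com/';      // Rules only keep namespaced custom claims (assumed namespace)
const UPSTREAM_CLAIM = 'app_permissions';       // hypothetical claim the customer configures in Okta
const KNOWN_PERMISSIONS = new Set(['reports:read', 'reports:write', 'admin']); // assumed app permission set

// Decode a JWT payload without checking the signature: Auth0 fetched this token
// from Okta's token endpoint itself, so here it is only parsed, and anything
// malformed or opaque (non-JWT) simply yields no permissions.
function decodeJwtPayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    // Node's 'base64' decoder also accepts the base64url alphabet used by JWTs.
    return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Keep only string values that appear in the allow-list, de-duplicated, so an
// unexpected value in the upstream claim never becomes a permission in our token.
function extractPermissions(identities) {
  const identity = Array.isArray(identities) ? identities[0] : undefined;
  const payload = identity ? decodeJwtPayload(identity.access_token) : null;
  const raw = payload ? payload[UPSTREAM_CLAIM] : undefined;
  if (!Array.isArray(raw)) return [];
  return [...new Set(raw.filter((p) => typeof p === 'string' && KNOWN_PERMISSIONS.has(p)))];
}

// Body of the Rule; in the Auth0 editor this is the anonymous function(user, context, callback).
function forwardOktaPermissions(user, context, callback) {
  context.accessToken[NAMESPACE + 'permissions'] = extractPermissions(user.identities);
  return callback(null, user, context);
}

// Constructed test-data builder (not a real Okta token): header.payload.fake-signature in base64url.
function makeSampleToken(payload) {
  const b64url = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(payload)}.constructed-signature`;
}
```

The allow-list is the important part: whatever the customer puts in the upstream claim, only names the application already understands reach its own token.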
