Include user permissions to idToken and accessToken

Hey folks,

I am struggling to glue together some pieces that, at least in my mind, should work seamlessly:

I have an SPA application and I just want to make one of the users ADMIN - whatever this means in the context of that application. I have tried with permissions (no luck, they require API assignment) or roles, but roles are not returned when authenticating.

What did work was to configure a login flow Login Flow, however permissions is reserved claim that I can’t inject, so I end up using a weird namespace convention (as suggested)

exports.onExecutePostLogin = async (event, api) => {
  const namespace = '';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);

I would not mind switching to an API, but then I could not find how to configure application with users databases.

Any help is welcome, this topic is driving me crazy for past 2 days :slight_smile: