Injecting permissions into JWT token using Auth0 rules


I want to inject permissions into the user’s JWT token where the permissions is obtained from a public authorisation API. I tried to use the following rule but failed:

function (user, context, callback) {
  const url = require("url");
  const request = require("request");
  const authURL = new url.URL("");
  return request(authURL.toString(), function(error, response, body) {
    if (!error && response.statusCode === 200) {
      const permissions = JSON.parse(body);
      context.accessToken.permissions = permissions;
    return callback(null, user, context);

I got the following JWT token:

  "iss": "",
  "aud": [
  "permissions": []

Is there any suggestion on how to accomplish my goal?


Hi @herry and welcome to the Auth0 Community! :slightly_smiling_face:

I’d recommend exploring our documentation on adding custom claims to your JWT. This documentation also contains some use cases that involve requesting custom API access as well as further context around adding your permissions or scopes to a JWT.

Let me know if that information helps move your solution forward.

Best Regards,