Injecting permissions into JWT token using Auth0 rules

Hi,

I want to inject permissions into the user’s JWT token where the permissions is obtained from a public authorisation API. I tried to use the following rule but failed:

function (user, context, callback) {
  const url = require("url");
  const request = require("request");
  const authURL = new url.URL("https://some-domain.com/get_permissions");
  
  authURL.searchParams.append("email", user.email);
  return request(authURL.toString(), function(error, response, body) {
    if (!error && response.statusCode === 200) {
      const permissions = JSON.parse(body);
      context.accessToken.permissions = permissions;
    }
    return callback(null, user, context);
  });
}

I got the following JWT token:

{
  "iss": "https://test.eu.auth0.com/",
  "aud": [
    "https://test.eu.auth0.com/userinfo"
  ],
  "permissions": []
}

Is there any suggestion on how to accomplish my goal?

Regards,
Herry

Hi @herry and welcome to the Auth0 Community! :slightly_smiling_face:

I’d recommend exploring our documentation on adding custom claims to your JWT. This documentation also contains some use cases that involve requesting custom API access as well as further context around adding your permissions or scopes to a JWT.

Let me know if that information helps move your solution forward.

Best Regards,
Colin

2 Likes

Hey there!

As this topic is related to Rules - Hooks - Actions and Rules & Hooks are being deprecated soon, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!