Lab: Role Based Access Control in Spring Boot

This lab will help you learn how to build a Spring Boot app that uses Role-Based Access Control (RBAC) for authorization.

I followed all the steps, but still don’t see the assigned roles:

Hello, Felix!

Authorities: [OIDC_USER, SCOPE_openid, SCOPE_email, SCOPE_profile]

Hi @eckhardt, I would like to help, but I need more information. Did you create the roles in the Auth0 dashboard and assign them to your user ID using auth0 users roles assign "<user-id>"? Did you also create the action and deploy it? Could you please check if you missed any step in the lab?

Can you also check if the roles are in your JWT using this step: Role-Based Access Control in Spring Boot

Hi Deepu,
Thanks for your support. Here are my roles for the user

# auth0 users roles show

=== nobroker.au.auth0.com user roles (3)

  ID                    NAME   DESCRIPTION
  rol_xxxxxxxx  Admin  Admin User
  ...

I assigned the roles via the web UI. But I guess that should not make any difference. Is there an easy curl to check the JWT content? And I followed the Role-Based Access Control.

Hi @eckhardt

You can get a JWT using the command auth0 test token -a https://AUTH0-DOMAIN/api/v2/ -s openid then you can decode it at jwt.io to see the scopes. Can you check if the action as explained in that tutorial has been created and is deployed to the login flow using your dashboard?

  1. Click Actions (1) → Flows (2) → Login (3)
  2. Check if Add roles is present between start and complete (4)
  3. If not see custom tab on the right side (5)
  4. Add roles (6) should be present and you can drag and drop it to the flow

If all this is set up correctly, ensure that okta.oauth2.groupsClaim=https://spring-boot.example.com/roles is set in the application.properties file. Note that https://spring-boot.example.com/roles should be the same namespace you defined in the action as well.

Let me know what you find
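As an added example (not code from this thread, the lab, or Auth0 itself), the Node snippet below shows the shape of the post-login Action that writes the user's roles under the namespace quoted above, plus a small helper that decodes a JWT payload locally so you can confirm the claim is actually present before blaming application.properties. The event/api objects and the sample token are constructed stand-ins; only the namespace comes from the reply.

```javascript
// Added example (not from the thread or the Okta/Auth0 lab). Mirrors the
// shape of an Auth0 post-login Action: the user's roles are copied into the
// ID and access tokens under the namespaced claim that
// okta.oauth2.groupsClaim in application.properties must point at.
const NAMESPACE = 'https://spring-boot.example.com/roles';

// In a real Action this is exported as exports.onExecutePostLogin.
const onExecutePostLogin = async (event, api) => {
  // event.authorization is undefined when no roles are assigned; then no
  // claim is written and Spring Security sees only OIDC_USER / SCOPE_* .
  if (event.authorization) {
    api.idToken.setCustomClaim(NAMESPACE, event.authorization.roles);
    api.accessToken.setCustomClaim(NAMESPACE, event.authorization.roles);
  }
};

// Inspection helper: read the roles claim out of a JWT payload. It only
// base64url-decodes and does NOT check the signature, so it is for checking
// what the login flow emitted, never for making an authorization decision.
function rolesFromJwt(token, namespace = NAMESPACE) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 parts)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  return Array.isArray(payload[namespace]) ? payload[namespace] : [];
}

// Constructed fixtures (a fake event and api, not real Auth0 objects).
function runActionOnSampleEvent() {
  const claims = { id: {}, access: {} };
  const api = {
    idToken: { setCustomClaim: (k, v) => { claims.id[k] = v; } },
    accessToken: { setCustomClaim: (k, v) => { claims.access[k] = v; } },
  };
  const event = { user: { name: 'Felix' }, authorization: { roles: ['Admin'] } };
  // The action body has no await, so the claims are set before it returns.
  onExecutePostLogin(event, api);
  return claims;
}

// Constructed, unsigned sample token (alg "none", empty signature) purely
// for exercising rolesFromJwt offline.
function sampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}
```

If rolesFromJwt on the token from auth0 test token returns an empty array, the Action is not deployed in the Login flow (or uses a different namespace); if it returns your roles but Spring still shows only OIDC_USER and SCOPE_*, the groupsClaim property is what is wrong.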