We aren’t seeing permissions returned through the logical API as we’d expect. We have the user assigned a role with permissions from the linked APIs and are requesting them as scopes when we request the token. RBAC is turned on for each API and so is the “Add Permissions to Token” option. In each linked API, we’ve granted all permissions to the logical API and authorized it to request tokens.
Is there any obvious reason this setup wouldn’t just work? Thanks!
I have just tested RBAC with permissions on my tenant and was successfully able to request an access token with the permissions in the token. See below:
Could you please clarify if you have included the audience parameter in the /authorize request? If not, I recommend setting your logical API identifier as the audience parameter of the request.
This should request an access token with the permissions array in the data.
We’ve set the proper audience, yes. I see that you aren’t requesting any scopes, so are the permissions you have returned role-based and part of the same logical API? I’d like to request a custom scope for permissions that are provided by a linked API and forwarded through the logical API. Have you seen that work? Thanks.
To make a request with custom scopes, you will need to include them in the scope parameter of the request.
And to get the permissions in the access token, you will need to enable the RBAC settings of your Logical API. I believe you have done this step already.
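
The following is an added example, not code from any poster in this thread: it builds an /authorize request carrying both the `audience` and `scope` parameters discussed above, then inspects an access token's payload to report which requested custom scopes are absent from the `scope` and `permissions` claims. The domain, client ID, API identifier, scope name and helper names are assumptions, and the sample tokens are constructed.

```python
import base64
import json
from urllib.parse import urlencode

# Standard OIDC scopes are not API permissions, so they are skipped in the check.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

def build_authorize_url(domain, client_id, redirect_uri, audience, scopes):
    """Authorization Code request carrying both audience and scope."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "audience": audience,        # logical API identifier
        "scope": " ".join(scopes),   # custom scopes, space separated
    })
    return f"https://{domain}/authorize?{query}"

def decode_claims(token):
    """Read the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def diagnose(claims, audience, requested):
    """List the reasons why requested custom scopes are absent from the token."""
    findings = []
    aud = claims.get("aud", [])
    if audience not in ([aud] if isinstance(aud, str) else aud):
        findings.append("aud does not contain the logical API identifier")
    if "permissions" not in claims:
        findings.append("no permissions claim")
    wanted = set(requested) - OIDC_SCOPES
    for name in ("scope", "permissions"):
        value = claims.get(name, [])
        have = set(value.split() if isinstance(value, str) else value)
        for missing in sorted(wanted - have):
            findings.append(f"{missing} missing from {name}")
    return findings

def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not a real token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.sig"
```

Use `decode_claims` only for troubleshooting; an API must still validate the token's signature, issuer and audience before trusting any of these claims.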