Feature: Management API endpoint to get a user’s permissions that are derived from roles they are assigned in a given organization
Description: Based on the discussion thread here. While there is an endpoint to get a user’s permissions that are based on overall (non-organization) roles, there is no such endpoint to get a user’s permissions based on roles assigned within an organization. Currently, one has to first query for a user’s roles in the organization (/api/v2/organizations/{id}/members/{user_id}/roles), then make a separate query for each role returned to get the associated permissions (/api/v2/roles/{id}/permissions). The expected endpoint for this new requested feature would take the form of /api/v2/organizations/{id}/members/{user_id}/permissions.
Use-case: The use cases this endpoint would serve are the same as the use cases currently served by the /api/v2/users/{id}/permissions endpoint, but extended to include scenarios in which organizations are used. In addition to the discussion thread referenced above, this feature would also assist in the use case described here. In my particular case, what I am ultimately trying to enable is the ability to merge permissions derived from a third-party IDP (such as Okta) with permissions set in Auth0, all within an Auth0 Action, such that I can produce a custom claim in an access token that includes both IDP-derived and Auth0-derived permissions.
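
The two-step workaround the post describes, followed by the merge step from its use case, as an added example that is not part of the original post or of Auth0's code. `callApi`, the `{ api, name }` shape, and the sample responses are assumptions made for illustration.

```javascript
// Added example. `callApi` is a hypothetical helper (path -> parsed JSON) that
// the caller backs with a Management API token; it is not an Auth0 SDK function.
async function getOrgMemberPermissions(callApi, orgId, userId) {
  const enc = encodeURIComponent; // ids go into the URL path, so encode them
  const roles = await callApi(
    `/api/v2/organizations/${enc(orgId)}/members/${enc(userId)}/roles`);
  // One request per role. Promise.all rejects if any call fails, so a partial
  // permission set is never returned. Pagination is not handled (assumption).
  const perRole = await Promise.all(
    roles.map((r) => callApi(`/api/v2/roles/${enc(r.id)}/permissions`)));
  return perRole.flat().map((p) => (
    { api: p.resource_server_identifier, name: p.permission_name }));
}

// De-duplicate permissions from several sources (org roles, IdP) by API + name.
function mergePermissions(...lists) {
  const byKey = new Map();
  for (const p of lists.flat()) byKey.set(`${p.api}\u0000${p.name}`, p);
  return [...byKey.values()].sort((a, b) =>
    a.api.localeCompare(b.api) || a.name.localeCompare(b.name));
}

// Constructed sample responses standing in for a live tenant.
const API = "https://api.example.test";
const SAMPLE = {
  "/api/v2/organizations/org_1/members/auth0%7Cu1/roles":
    [{ id: "rol_a", name: "editor" }, { id: "rol_b", name: "viewer" }],
  "/api/v2/roles/rol_a/permissions": [
    { permission_name: "read:docs", resource_server_identifier: API },
    { permission_name: "write:docs", resource_server_identifier: API }],
  "/api/v2/roles/rol_b/permissions": [
    { permission_name: "read:docs", resource_server_identifier: API }],
};
const sampleApi = async (path) => {
  if (!(path in SAMPLE)) throw new Error(`unexpected path ${path}`);
  return SAMPLE[path];
};

async function demo() {
  const fromRoles = await getOrgMemberPermissions(sampleApi, "org_1", "auth0|u1");
  const fromIdp = [{ api: API, name: "export:docs" }]; // constructed IdP-derived entry
  return mergePermissions(fromRoles, fromIdp).map((p) => p.name);
}
demo().then((names) => console.log(names));
```

Because the role lookup is scoped to one organization, the merged list contains only permissions from roles the member holds in that organization plus whatever the caller passes in as IdP-derived.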