getPermissionsInRole requires the permission read:roles (Auth0 Management API v2). However, the Access Token for the Management API, which is available through auth0.accessToken, is limited to the read:users and update:users scopes (Use the Management API from within Rules).
To call getPermissionsInRole, you can register a Machine-to-Machine app with the read:roles permission for your rule and use the client credentials grant to get an Access Token:
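// Reads the permissions attached to one role from inside an Auth0 Rule.
// The token in auth0.accessToken only carries read:users and update:users,
// so a separate Management API client is created with its own M2M credentials.
const ManagementClient = require('auth0@2.35.0').ManagementClient;

// Least privilege: authorize the M2M application for read:roles only, so a
// leaked secret cannot be used to modify users, roles or clients.
// Do not paste the real client secret into the rule source. Keep it in the
// rule settings and read it from the `configuration` object, for example
// configuration.M2M_CLIENT_SECRET (constructed key name; use your own).
const management = new ManagementClient({
  domain: '{YOUR_ACCOUNT}.auth0.com',
  clientId: '{YOUR_NON_INTERACTIVE_CLIENT_ID}', // client ID of the M2M app you created for the rule
  clientSecret: '{YOUR_NON_INTERACTIVE_CLIENT_SECRET}', // client secret of the M2M app you created for the rule
  scope: 'read:roles',
  audience: 'https://{YOUR_TENANT_NAME}.auth0.com/api/v2/',
});

// 'role_id' is a placeholder for the ID of the role to inspect.
// The call below must receive this object; the original snippet declared it
// as `roleId` but passed an undefined `params`.
const params = { id: 'role_id' };

management.getPermissionsInRole(params, function (err, permissions) {
  if (err) {
    console.log(err);
    // Stop here: `permissions` is not populated when the call failed, and an
    // authorization decision must never be based on a failed lookup.
    return;
  }
  console.log(permissions);
});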
Note: You can also use an Action for this: