Currently have an API Audience with RBAC enabled and Add Permissions in the Access Token enabled.
The API Audience has a number of permissions which in turn are associated with various roles.
Some users are stored in Auth0’s identity store and have the various roles assigned.
The APIs are accessed via a React app, and when I log in to the app to access the RBAC’ed API I can see the JWT token with the appropriate permissions claims.
The react app also connects to AWS Cognito via Open ID Connect and I can log into the react app using the Cognito credentials. The Cognito users have a cognito:groups claim which I want to map to an Auth0 role, and subsequently access the RBAC’ed API.
I’ve trawled through a number of posts and I’ve tried using rules to modify the context object, but unfortunately I have not been able to see the permissions claim in the JWT.
I want to avoid actually permanently assigning the Auth0 roles to the Cognito users if possible to prevent possible mismatches in authorisations.
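As an added illustration (not code from the original post, and not Auth0's own), this is the shape of an Auth0 Rule that maps a federated user's Cognito groups onto permission strings with an explicit allow-list and writes them into a namespaced custom claim on the access token, without assigning Auth0 roles to the user. It assumes the Cognito OIDC connection surfaces the upstream `cognito:groups` claim on the rule's `user` object (the exact property path depends on the connection's attribute mapping), and the connection name, namespace, group names and permission names are placeholders. The mapping helper is hoisted out of the rule so it can be unit-tested; in the Auth0 rule editor it would be inlined into the rule function.

```javascript
// Added example, not from the original post. Assumed placeholders:
// the connection name 'cognito-oidc', the claim namespace, and the
// group/permission names below.
const CLAIM_NAMESPACE = 'https://example.com/';

// Allow-list mapping: only groups listed here grant anything. Unknown
// groups are ignored rather than passed through, so a new group on the
// Cognito side cannot grant access until it is deliberately mapped here.
const GROUP_PERMISSIONS = {
  'report-readers': ['read:reports'],
  'report-editors': ['read:reports', 'write:reports'],
};

// Normalise the upstream claim: Cognito emits an array of group names, but
// be defensive about a missing or malformed value, and deduplicate the
// resulting permissions so the claim is stable and easy to compare.
function mapGroupsToPermissions(groups) {
  if (!Array.isArray(groups)) return [];
  const perms = new Set();
  for (const g of groups) {
    if (typeof g !== 'string') continue;
    for (const p of GROUP_PERMISSIONS[g] || []) perms.add(p);
  }
  return Array.from(perms).sort();
}

// The rule itself, in the standard Auth0 Rule signature.
function mapCognitoGroupsRule(user, context, callback) {
  // Only act for logins through the Cognito connection (name is assumed);
  // users from Auth0's own identity store keep their RBAC-assigned claims.
  if (context.connection !== 'cognito-oidc') {
    return callback(null, user, context);
  }

  // Assumption: the upstream claim lands on the user object under this key.
  const groups = user['cognito:groups'];
  const permissions = mapGroupsToPermissions(groups);

  // Custom claims added from a rule must be namespaced; the un-namespaced
  // `permissions` claim is reserved for Auth0's own RBAC engine, so the API
  // has to be taught to read this namespaced claim for Cognito users.
  context.accessToken[CLAIM_NAMESPACE + 'permissions'] = permissions;
  return callback(null, user, context);
}
```

The API then needs a small change: for tokens carrying the namespaced claim, authorise against it instead of (or in addition to) the reserved `permissions` claim. Keeping the mapping as an allow-list in the rule, rather than persisting roles on the Cognito users, avoids the drift between Cognito group membership and Auth0 role assignment that the post is trying to prevent.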