Hi @dan.woda,
I am able to do that via the rules; however, what I want to achieve is to allow the Auth0 runtime to determine the permissions of the user via the setting of a role.
This is the JWT of a user with a DB ID provider who has been assigned to the “billing-agent” role.
The Auth0 runtime provides the role-to-permissions mapping, which is then accessible via the JWT:
```json
{
"iss": "https://xxxx.au.auth0.com/",
"sub": "auth0|5e8965df4ce5210bd3c3fada",
"aud": [
"https://yyyy.com/api",
"https://xxxx.au.auth0.com/userinfo"
],
"iat": 1586758328,
"exp": 1586844728,
"azp": "lAeDtRv5uKc5qCvmkOE5LnWWUlRatU7U",
"scope": "openid profile email",
"permissions": [
"create:bill",
"read:bill",
"read:payment"
]
}
```
What I want to achieve is, given another user with an OIDC provider whose “cognito:groups” contains “billing-agent”, to map that to the Auth0 role and then have Auth0 perform the role-to-permissions mapping so that the permissions claim is present in the JWT.
Currently, if I add `context.accessToken['https://yyyy.com/roles'] = '{roles: ["billing-agent"]}'`, it doesn't trigger the Auth0 runtime to map the role to permissions in the claim, as is the case with a DB provider user.
I want to avoid permanently adding the user to the role if possible, as the “cognito:group” may change in the upstream provider.
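The `permissions` claim in the token above only protects anything if the API that receives the token enforces it. The following is an added example, not part of this post or of Auth0's own code, showing the resource-server checks (audience, expiry, permission membership) run over a claims payload modelled on the JWT above. It assumes the token signature and issuer have already been verified by a JWT library, and the `req.auth` property and `requirePermission` helper are assumed names, not Auth0 APIs.

```javascript
// Added example (not from the original post): resource-server enforcement of the
// "permissions" claim carried in an Auth0-issued access token.
// Assumption: signature and issuer were already verified by a JWT library before
// these checks run; only claim validation is shown here.

const API_AUDIENCE = "https://yyyy.com/api"; // API identifier taken from the post

// Constructed sample payload, modelled on the JWT shown in the post.
const SAMPLE_PAYLOAD = {
  iss: "https://xxxx.au.auth0.com/",
  sub: "auth0|5e8965df4ce5210bd3c3fada",
  aud: ["https://yyyy.com/api", "https://xxxx.au.auth0.com/userinfo"],
  iat: 1586758328,
  exp: 1586844728,
  azp: "lAeDtRv5uKc5qCvmkOE5LnWWUlRatU7U",
  scope: "openid profile email",
  permissions: ["create:bill", "read:bill", "read:payment"],
};

// "aud" may be a string or an array; the API identifier must be explicitly listed,
// otherwise a token minted for another audience would be accepted here.
function audienceMatches(payload, expected) {
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  return aud.includes(expected);
}

// "exp" is seconds since the epoch; nowSeconds is injected so the check is testable.
// A missing or non-numeric exp is treated as expired (fail closed).
function isExpired(payload, nowSeconds) {
  return typeof payload.exp !== "number" || payload.exp <= nowSeconds;
}

// Authorise one request. The permissions claim is the role-to-permissions mapping
// the Auth0 runtime produced; an absent claim means no permissions, i.e. deny.
function authorize(payload, requiredPermission, nowSeconds) {
  if (!audienceMatches(payload, API_AUDIENCE)) {
    return { ok: false, reason: "bad audience" };
  }
  if (isExpired(payload, nowSeconds)) {
    return { ok: false, reason: "token expired" };
  }
  const perms = Array.isArray(payload.permissions) ? payload.permissions : [];
  if (!perms.includes(requiredPermission)) {
    return { ok: false, reason: `missing permission ${requiredPermission}` };
  }
  return { ok: true, reason: "authorised" };
}

// Express-style middleware factory (assumed shape: req.auth holds the verified
// payload placed there by an upstream JWT-verification middleware).
function requirePermission(permission) {
  return (req, res, next) => {
    const now = Math.floor(Date.now() / 1000);
    const result = authorize(req.auth || {}, permission, now);
    if (!result.ok) {
      return res.status(403).json({ error: result.reason });
    }
    return next();
  };
}
```

A route for billing data would then be guarded with `requirePermission("read:bill")`; the decision is made purely on the claims Auth0 issued, so a federated user whose token lacks the `permissions` claim (the situation described in the post) is denied rather than silently granted access.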