My never ending adventure with roles and permissions

I’d first like to say how I really appreciate the ease and use to set up Auth0 from its dashboard and into my React Single Page Application (SPA). The tutorials helped me a lot to get me started and within a few hours, I was able to configure Google as an authentication provider for my app.

I then discovered how I could add roles and permissions within my API. I was very excited about this as I saw a lot of value in configuring roles and permissions, assign a role to a user and retrieve this info (role, permissions) into my SPA. After my initial experience with the tutorial to configure my API, I hoped I would spend a few hours and would be ready to move forward.

It’s been a week now that I’ve been roaming through the documentation, community forums, and Google to find a light at the end of the tunnel. I’ve hit the following dead ends to retrieve the role and permissions of my authenticated user:

  • Enable RBAC in my API (and its buddy Add Permissions in the Access Token):
  • Created rules trying the following:
    ** Calling the ManagementClient to learn the permissions to read roles and permissions are not allowed in rules.
    ** Tried this sample code where I’m always getting no roles.
  • Ended up looking to set a token dialect based on this tutorial that tells me to enable RBAC
  • Read countless number of posts in this community about roles and permissions. By the number of questions, I concluded this was not as easy as it seems.

Somewhere in the community forums, I discovered there is a Authentication Core and a Authentication Extension. It mentioned how Authentication Extension brings back easily roles and permissions by creating a rule for that. My hopes were high but after spending a day in the extension, I still couldn’t retrieve my roles in my SPA through the Authentication Extension. Oddly enough, the Authentication Extension has its own set of roles and permissions which are not the same as those that you will find in your dashboard. At least, in my understanding.

So here I am, asking for this community help on WHAT is the right way, in 2021, to retrieve roles and permission for the user which has just authenticated itself.

A few more info about my configuration:

  • I’m using the 30 day trial
  • I have one user which has one role assigned to him
  • I’ve following this tutorial to integrate Auth0 in my React SPA

There’s a good chance I’ve missed the right post, tutorial or article to solve my problem. If so, I would be so happy to be pointed in the right direction.

Thank you for your time,


Hi @lpcarignan

Check your direct messages, I am sending you one.