Permission claim empty if logging on using Organization - still unresolved

Hi @PatrickHeneise

Thanks for reaching out to the Auth0 Community!

My apologies for not getting back to you sooner. And yes, normally topics are automatically closed after 15 days from the last reply.

Now, after my investigation, I found that there were no issues with getting the permissions added to the access token when authenticating with Organizations.

I believe what happened involved the user only being assigned to those Permissions globally on their user profile (non-organization), instead of having them assigned as an Organization member. The difference is subtle, but it determines whether the Permissions claim is added to the access token.

For example:

  • If we assign the user with the read:reports update:reports permissions to the user profile through the Auth0 Dashboard > User Management > Users > Roles, then when authenticating through an organization, the access token will not have these permissions. It will have these permissions if authenticating regularly without the org_id.

  • If we assign the users with the read:reports update:reports permissions on the Members section of the Auth0 Dashboard > Organizations > Members > Assign Roles, then when authenticating through an organization, the access token will have these permissions. It will not have these permissions if authenticating regularly without the org_id.

I recommend following the steps outlined in our Add Roles to Organization Members documentation.

I hope the explanation helps!

Please let me know if I can help you with anything else.
Thanks,
Rueben

1 Like
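
The following troubleshooting helper is an added example, not part of the reply above and not Auth0's own code. It reads the `org_id` and `permissions` claims from an access token and reports which of the two assignment paths described in the reply needs attention. The sample tokens, the function names and the returned labels are constructed for illustration, and the payload is decoded without signature verification, so this is for diagnosis only.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string (demo input only)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed"


def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature.

    Acceptable for troubleshooting; an API must verify the token first.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token: str, required: set) -> str:
    """Return 'ok' or a label naming where the role assignment is missing."""
    claims = decode_claims(token)
    granted = set(claims.get("permissions") or [])
    if required <= granted:
        return "ok"
    if claims.get("org_id"):
        # Organization login: only roles assigned to the user as an
        # Organization member contribute permissions to the token.
        return "assign-role-as-organization-member"
    # Regular login (no org_id): only roles on the user profile count.
    return "assign-role-on-user-profile"


# Constructed sample tokens mirroring the cases in the reply.
REQUIRED = {"read:reports", "update:reports"}
ORG_EMPTY = make_sample_token(
    {"sub": "auth0|constructed", "org_id": "org_constructed", "permissions": []})
ORG_MEMBER = make_sample_token(
    {"sub": "auth0|constructed", "org_id": "org_constructed",
     "permissions": ["read:reports", "update:reports"]})
NO_ORG_EMPTY = make_sample_token({"sub": "auth0|constructed", "permissions": []})

if __name__ == "__main__":
    for name, tok in [("org, empty", ORG_EMPTY), ("org, member role", ORG_MEMBER),
                      ("no org, empty", NO_ORG_EMPTY)]:
        print(f"{name}: {diagnose(tok, REQUIRED)}")
```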