Permissions are empty on the token when authenticating into organization

Hello,

Permission claim in token is empty when logging on to an application as an organization team member.
I have assigned permissions to my user in organization “x” (for the API that sent as audience).
When triggering to /authorize endpoint i have passed the “organization=x” query param and yet the permissions of the user in the organization is empty

RBAC is enabled and include permission in access token is enabled. for the organization the permission array is empty.

Is this a bug or is it intended?

Thank you,
Or

Hi there @or12 and welcome to the community!

This is typically due to the fact the role/permissions has been assigned globally as opposed to within the context of an organization - Please see the following FAQ for details:

Hope this helps!

1 Like

No, i have assigned it within the context of an organization

1 Like

Thanks for following up on this! I’ve just ran through this in my own test environment and can confirm that the permissions are added correctly. Here’s a look at the access token I’ve received:

{
  "iss": "https://domain.us.auth0.com/",
  "sub": "auth0|622bc00324299ee0f0",
  "aud": [
    "https://test-api-endpoint",
    "https://domain.us.auth0.com/userinfo"
  ],
  "iat": 1677632536,
  "exp": 1677632596,
  "azp": "5sFZ3AuJ05QEasdfUfQjMuVwiujzSqcG",
  "scope": "openid profile email offline_access",
  "org_id": "org_YZN9osfdsfN5R8",
  "permissions": [
    "create:appointments",
    "create:prescriptions",
    "delete:appointments"
  ]
}

Are you able to confirm that you receive the org_id as a claim in your access token and that the roles you added to a user within the context of an organization have permissions associated with them?

1 Like

This topic was automatically closed after 10 days. New replies are no longer allowed.