Permissions not in JWT token.
I’ve added two permissions to my API and view:user and view:profile.
I’ve enabled RBAC for my API, and asked to include the permissions in my token.
I don’t have any extensions installed for Authentication.
Don’t see what else I’m missing
1 Like
Hi @alex12,
Welcome to the Community!
I’ve just tested this out in my own tenant. The decoded Access Token is coming back as:
{
"iss": "https://tenantdomain/",
"sub": "google-oauth2|115088824167938831773",
"aud": [
"https://test.com",
"https://tenantdomain/userinfo"
],
"iat": 1620387612,
"exp": 1620387632,
"azp": "iTAbnWQtk4voRjZyOp0ZHYL24s101ppB",
"scope": "openid profile email offline_access",
"permissions": [
"read:users"
]
}
Would you mind sharing what your Access Token looks like (removing any sensitive data such as tenant name)? That may help troubleshoot this. Thank you!