Permissions not appearing within token

Hey Guys,

I have noticed that the permissions which I have assigned to a user are not appearing in the token that I’m using.

I am generating the token in a React front-end using the ‘getAccessTokenSilently’ function from the Auth0-react package. This is then getting passed to the backend in order to call an API. I’ve noticed that when I decode this token the permissions are not present and I am unable to determine why.

A friend has done something similar with the same setting on their account (although their account is based in Aus) and when I decode their same token I can see the permissions have been added.

Can someone please assist?


Hey @brookekrajancich, welcome to the community! :wave::tada:

Let’s figure it out. Normally, using a Rule should work just fine:

function (user, context, callback) {
  var namespace = '';
  context.accessToken[namespace + 'access'] = {
    groups: user.groups,
    roles: user.roles,
    permissions: user.permissions
  return callback(null, user, context);

In theory, executing this rule will add this data to the token for you to use. Again, in theory, you should be able to access these values.

If you DM me your tenant name, I’ll take a look at your settings. They should be pretty deterministic, and identical settings (regardless of the location) should result in identical data in the token.

Hey @art.rosnovsky

I’ve just DM’d you tenant information. Thanks for your quick assistance, I have tried adding the rule as specified and it’s not added any additional information to the token.

Unsure what could be causing this.

I’m looking into this, Brooke. It’s going to be a busy day, but I’ll get back to you in DMs as soon as I can!


1 Like