Permissions not included in access token for MFA flow

Hi @drew11,

Welcome to the Community!

I just tried this out with a rule using the Guardian and also using email MFA, and I seem to be getting a role added to the token. I probably don’t have quite the same setting to recreate this. Which type of MFA are you using (email, phone message, Guardian, etc.)? Also, would you mind sending the code from your rule that adds the role/permissions array to the token?

My rule that adds the role to the ID Token and Access Token:

function (user, context, callback) {
  // Custom claims must be namespaced with a URL that is not an Auth0 domain,
  // otherwise Auth0 silently drops them from the issued tokens.
  const namespace = 'http://demozero.net';

  // Roles assigned to the user via the Authorization Core (RBAC) feature.
  // context.authorization may be absent, so guard against that.
  const assignedRoles = (context.authorization || {}).roles;

  const idTokenClaims = context.idToken || {};
  const accessTokenClaims = context.accessToken || {};

  // Add the same roles claim to both the ID Token and the Access Token.
  idTokenClaims[`${namespace}/roles`] = assignedRoles;
  accessTokenClaims[`${namespace}/roles`] = assignedRoles;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  // Hand the (possibly modified) user and context on to the next rule.
  callback(null, user, context);
}

Thanks!
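The following is an added example, not code from the post above or from Auth0: a small offline harness for exercising a rule of the kind shown in the reply against constructed inputs. It keeps the rule signature `(user, context, callback)` and the fields `context.authorization.roles`, `context.idToken` and `context.accessToken` exactly as used in the post; the sample user, the two sample contexts and the helper names (`runRule`, `serialisedClaims`, `rolesClaimFromAccessToken`) are assumptions made for this example. It also shows the failure mode worth checking when a claim is "missing": if `context.authorization.roles` is undefined, the claim is set to `undefined` and disappears when the token is serialised, whereas defaulting to `[]` keeps it present.

```javascript
// Added example (not from the original post or from Auth0): an offline
// harness for an Auth0-style rule. Rule signature and context fields follow
// the post; sample user/context data below are constructed for this example.

const NAMESPACE = 'http://demozero.net'; // namespace used in the post

// Rule variant that defaults a missing roles array to [] so the claim is
// always present in both tokens.
function addRolesRule(user, context, callback) {
  const assignedRoles = (context.authorization || {}).roles || [];
  const idTokenClaims = context.idToken || {};
  const accessTokenClaims = context.accessToken || {};
  idTokenClaims[`${NAMESPACE}/roles`] = assignedRoles;
  accessTokenClaims[`${NAMESPACE}/roles`] = assignedRoles;
  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;
  callback(null, user, context);
}

// Rule variant with the same shape as the post's rule (no default), used to
// show the claim vanishing when roles are undefined.
function addRolesRuleNoDefault(user, context, callback) {
  const assignedRoles = (context.authorization || {}).roles;
  const idTokenClaims = context.idToken || {};
  const accessTokenClaims = context.accessToken || {};
  idTokenClaims[`${NAMESPACE}/roles`] = assignedRoles;
  accessTokenClaims[`${NAMESPACE}/roles`] = assignedRoles;
  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;
  callback(null, user, context);
}

// Runs a rule synchronously with a constructed user/context and returns the
// resulting context; throws if the rule reported an error via the callback.
function runRule(rule, user, context) {
  let result;
  let error;
  rule(user, context, (err, _u, ctx) => { error = err; result = ctx; });
  if (error) throw error;
  return result;
}

// Mimics what ends up in the issued JWT: claims are JSON-serialised, so a
// claim whose value is undefined is dropped from the token entirely.
function serialisedClaims(claims) {
  return JSON.parse(JSON.stringify(claims));
}

// Constructed sample inputs (hypothetical user and contexts).
const sampleUser = { user_id: 'auth0|example', email: 'user@example.com' };

function contextWithRoles() {
  return { authorization: { roles: ['admin', 'editor'] }, idToken: {}, accessToken: {} };
}

function contextWithoutAuthorization() {
  // Models a flow in which the authorization object was never populated.
  return { idToken: {}, accessToken: {} };
}

// Returns the namespaced roles claim as it would appear in the access token.
function rolesClaimFromAccessToken(rule, context) {
  const ctx = runRule(rule, sampleUser, context);
  return serialisedClaims(ctx.accessToken)[`${NAMESPACE}/roles`];
}

// Same, for the ID token.
function rolesClaimFromIdToken(rule, context) {
  const ctx = runRule(rule, sampleUser, context);
  return serialisedClaims(ctx.idToken)[`${NAMESPACE}/roles`];
}
```

Running `rolesClaimFromAccessToken(addRolesRuleNoDefault, contextWithoutAuthorization())` returns `undefined`, which is what a "missing claim" looks like from the client side; the defaulting variant returns `[]` for the same input, so an empty array in the token tells you the rule ran but had no roles to add, while an absent claim points at the rule not running or the claim being dropped.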