Permissions not returned as part of a token when Org ID is set in Auth0Provider

srinivas1 · February 17, 2022, 8:25pm

Which SDK this is regarding: e.g. auth0-react
SDK Version: e.g. 1.9.0
Platform Version: e.g. Node ^17

This has worked very randomly a couple of times but in general (98% of the time) I don’t get the permissions in the token.

My Auth0Provider looks like the following

Auth0Provider
domain={process.env.REACT_APP_AUTH0_DOMAIN}
clientId={process.env.REACT_APP_AUTH0_CLIENT_ID}
redirectUri={process.env.REACT_APP_AUTH0_REDIRECT_URL}
organization={organization}
scope=“create:folder”
audience={process.env.REACT_APP_AUTH0_DOCS_API_AUDIENCE}

The scope exists for the API specified in the audience
The API uses RBAC
The user’s role has the permission for that API added to it
The role has been assigned to the user
The token is issued for that audience for that client
but the token does not have that permission. THis has worked exactly two times, what am I missing?

Token
{
“iss”: “–Domain–”,
“sub”: “auth0|5cf4616ed9a6e70f3ad8bbb9”,
“aud”: [
“–Correct audience–”,
“–Domain/userinfo”
],
“iat”: 1645128472,
“exp”: 1645214872,
“azp”: “XXXXXXXXXXX”,
“scope”: “openid profile email”,
“org_id”: “org_XXXXXXX”,
“permissions”:
}

UPDATE: This only works if I don’t sent an Organization in the Auth0Provider config. Why is that???

Srini

srinivas1 · February 17, 2022, 9:57pm

Adding a response here in case the next person who makes the same mistake comes looking.

Assigning a role to a user isn’t sufficient. The role has to be assigned to that user for that specific organization. To do this, I had to go to Organizations in the left nav → Members tab in the Organizations page → Select a particular member → Assign roles to that member in that specific organization.

konrad.sopala · February 18, 2022, 10:31am

Perfect! Thanks for sharing it with the rest of community!