Permissions not returned as part of a token when Org ID is set in Auth0Provider

  • Which SDK this is regarding: e.g. auth0-react
  • SDK Version: e.g. 1.9.0
  • Platform Version: e.g. Node ^17

This has worked very randomly a couple of times but in general (98% of the time) I don’t get the permissions in the token.

My Auth0Provider looks like the following

<Auth0Provider
  domain={process.env.REACT_APP_AUTH0_DOMAIN}
  clientId={process.env.REACT_APP_AUTH0_CLIENT_ID}
  redirectUri={process.env.REACT_APP_AUTH0_REDIRECT_URL}
  organization={organization}
  scope="create:folder"
  audience={process.env.REACT_APP_AUTH0_DOCS_API_AUDIENCE}
>

  1. The scope exists for the API specified in the audience
  2. The API uses RBAC
  3. The user’s role has the permission for that API added to it
  4. The role has been assigned to the user
  5. The token is issued for that audience for that client

but the token does not have that permission. This has worked exactly two times, what am I missing?

Token
{
  "iss": "–Domain–",
  "sub": "auth0|5cf4616ed9a6e70f3ad8bbb9",
  "aud": [
    "–Correct audience–",
    "–Domain/userinfo"
  ],
  "iat": 1645128472,
  "exp": 1645214872,
  "azp": "XXXXXXXXXXX",
  "scope": "openid profile email",
  "org_id": "org_XXXXXXX",
  "permissions":
}

UPDATE: This only works if I don’t send an Organization in the Auth0Provider config. Why is that???

Srini

1 Like

Adding a response here in case the next person who makes the same mistake comes looking.

Assigning a role to a user isn’t sufficient. The role has to be assigned to that user for that specific organization. To do this, I had to go to Organizations in the left nav → Members tab in the Organizations page → Select a particular member → Assign roles to that member in that specific organization.

2 Likes
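
A way to tell the two cases apart from the access token itself, as an added example that is not part of the original thread or of any Auth0 SDK. The function names, finding labels and sample tokens are constructed for illustration, and it assumes the `permissions` claim is an array of permission strings.

```javascript
// Diagnostic only: decodes the payload WITHOUT verifying the signature,
// so it must never be used to make an authorization decision.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Returns a list of findings explaining why `permission` is missing.
// An empty list means the token carries everything that was asked for.
function diagnose(jwt, { audience, permission, organization }) {
  const claims = decodePayload(jwt);
  const findings = [];
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(audience)) findings.push("aud-mismatch");
  if (organization && claims.org_id !== organization) findings.push("org-mismatch");
  if (!Array.isArray(claims.permissions)) {
    findings.push("no-permissions-claim");
  } else if (!claims.permissions.includes(permission)) {
    // With org_id present, the role has to be assigned to the member inside
    // that organization; a role assigned only on the user is not enough.
    findings.push(claims.org_id ? "permission-missing-check-org-role"
                                : "permission-missing-check-user-role");
  }
  return findings;
}

// Constructed, unsigned sample tokens with placeholder values.
function makeToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.placeholder`;
}
const AUDIENCE = "https://docs-api.example";
const base = { aud: [AUDIENCE, "https://tenant.example/userinfo"],
               scope: "openid profile email" };
const orgTokenNoPerm = makeToken({ ...base, org_id: "org_EXAMPLE", permissions: [] });
const orgTokenOk = makeToken({ ...base, org_id: "org_EXAMPLE",
                               permissions: ["create:folder"] });
const userTokenNoPerm = makeToken({ ...base, permissions: [] });

const expected = { audience: AUDIENCE, permission: "create:folder",
                   organization: "org_EXAMPLE" };
console.log(diagnose(orgTokenNoPerm, expected));
console.log(diagnose(orgTokenOk, expected));
```
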

Perfect! Thanks for sharing it with the rest of the community!