- Which SDK this is regarding: e.g. auth0-react
- SDK Version: e.g. 1.9.0
- Platform Version: e.g. Node ^17
This has worked very randomly a couple of times but in general (98% of the time) I don’t get the permissions in the token.
My Auth0Provider looks like the following
Auth0Provider
domain={process.env.REACT_APP_AUTH0_DOMAIN}
clientId={process.env.REACT_APP_AUTH0_CLIENT_ID}
redirectUri={process.env.REACT_APP_AUTH0_REDIRECT_URL}
organization={organization}
scope=“create:folder”
audience={process.env.REACT_APP_AUTH0_DOCS_API_AUDIENCE}
- The scope exists for the API specified in the audience
- The API uses RBAC
- The user’s role has the permission for that API added to it
- The role has been assigned to the user
- The token is issued for that audience for that client
but the token does not have that permission. THis has worked exactly two times, what am I missing?
Token
{
“iss”: “–Domain–”,
“sub”: “auth0|5cf4616ed9a6e70f3ad8bbb9”,
“aud”: [
“–Correct audience–”,
“–Domain/userinfo”
],
“iat”: 1645128472,
“exp”: 1645214872,
“azp”: “XXXXXXXXXXX”,
“scope”: “openid profile email”,
“org_id”: “org_XXXXXXX”,
“permissions”:
}
UPDATE: This only works if I don’t sent an Organization in the Auth0Provider config. Why is that???
Srini