Permissions not updating when adding Role via a Rule

Hey Auth0 team,

Like many, I’m trying to add users to a default Role when they sign up. From Add Default Role to New User Sign-up I understand that Hooks don’t work with Social/Enterprise connections, so I’m using a Rule. We want permissions associated with Roles, so we’re using RBAC.

I’m using the approach described in How do I add a default role to a new user on first login? to assign the role to a user and it works successfully, but the token permissions don’t get updated after a role assignment just like After applying a Role to a User using a Rule at signup (first login), the permissions are not in the user's access token describes. The workarounds in that thread are: 1) on the client side, continually get a token until the permissions are non-null 2) use the getTokenSilently method from the auth0-spa-js library. Neither of these approaches work for me as we’re using the Device Authorization flow so each time we try to get a new token the user has to confirm the device code.

I also tried using the management client’s getPermissionsForRole method to manually get the permissions for the new role, but the management client doesn’t have the read:roles permission. What’s the best solution here? Given the quantity of posts about this, it would be a huge help if there was an option to recalculate the token permissions after applying a Rule.


Also worth noting: Merge scope and permissions in scope in a rule seems to suggest that you can’t modify permissions within a Rule