Permissions with application name

filipebrius · February 8, 2024, 4:32pm

I have a VUE js SPA application using auth0, the implementation is pretty basic, but when I get the user information from auth0, instead of a “permissions” key, it returns a “{{some-of-my-auth0-applications-api-name}}/permissions”. I can’t find inside the auth0 dashboards how to change it.

Does anyone know how to change/fix it?

Vue.use(auth0Plugin, {
  domain: process.env.VUE_APP_AUTH0_DOMAIN,
  clientId: process.env.VUE_APP_AUTH0_CLIENT_ID,
  audience: process.env.VUE_APP_AUTH0_AUDIENCE,
  onRedirectCallback: (appState: any) => {
    router.push(appState && appState.targetUrl ? appState.targetUrl : window.location.pathname);
  },
});

By the way for my vue application, I’m not using the bfp_customers_report API/audience, but the Msgops one. So I can’t understand why it returns with the bfp_customers_report/permissions as a key inside my user’s details.

tyf · February 8, 2024, 5:43pm

Hey there @filipebrius welcome to the community!

The permissions in the ID token with use of a namespace as pictured are added as a custom claim by a Rule or Action in your dashboard - You won’t be able to use the permissions claim directly in ID tokens as it’s a restricted claim. So, the way you are going about adding permissions to ID tokens currently is correct:

Permissions are added using the permissions claim in access tokens as part of RBAC:

https://auth0.com/docs/get-started/apis/enable-role-based-access-control-for-apis

system · February 26, 2024, 11:05pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.