Populating Scopes from Roles in a Rule

Let’s say I have two Users. UserA belongs to the Admin Role. UserB belongs to the Standard Role. Each Role defines a set of Scopes. Both UserA and UserB log in with Username-Password connection. There is no social sign-in. The SPA authenticates with Auth0, grabs the Access Token, and then calls my API. I would like to Authorize the EndPoints based on the Scopes in the Access Token.

My question is this - can I populate the Access Token with all the Scopes assigned to the Role that is in turn assigned to the User when they log in? i.e. UserA logs in, a Rule fires which sees he is in Admin Role, grabs those Scopes and populates the Access Token with them?

I know I can explicit request Scopes when calling auth0.WebAuth, but this makes no sense to me. How can I distinguish between a Standard and Admin Role at the point of login?

Hello Claran,

I would suggest starting here:

This is a new RBAC feature, and will probably give you what you need.


1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.