Hello Auth0 community!
I’m new to Auth0, but not new to OAuth concepts, and I have a pretty frustrating issue at the moment. I have a Spring web application that uses the authorization_code flow to authenticate users.
My application uses the RBAC Core feature, and I’m struggling really hard to access the user permissions in the IdToken at the moment of authenticating.
What I did so far
- I went on and created a role “Super Admin” just to test.
- From there, I created new permissions that I assigned to this role.
- I then created a user to which I assigned the role I just created
- Finally, I went into the API I created for my application, and toggled on the RBAC management
Now, in my application, I requested the scopes for my permissions. However, the output token I get doesn’t contain the user’s permissions in the “scopes” output, and also doesn’t contain the “permissions” claim in the output.
Here is the IdToken I get if you wish to know
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlBFMnFKTE52ZjhoUXBZd3JHY0RxRCJ9.….RgwXf0IPLpNhSl_SNmcnxbPgNwj-BgKeVw69cGhJ2guWftIBb0Lkec6hp-RyIFqhyjKLGLguJKgqsmuHaDreEUh1SnaPuZpF0RXvBArlmUhuhp8bVljgboQYxVAd1luO58aivXgYlwrJf51uUNRg3MNjfd0xSg6hjNa2eAiZiaqSrZdvYF3SSo3RRFbrt-eaYDfTLzCJX2aNkAng5bRoVwO1YzWp2JtTlrPbrIFJY13ZcdzwFfz8NGH9QXnghze2fdzmtmsfSe8TgXIb5o7tzBkA8bfi30Ut-yJKqJw9KkPgMuHFqNIWnAMBb-3X0yVtGxTGzlGW8LO_bVwa5f0UXg
I even tried logging the user and the context by using a rule and debugging the output logs. Here’s what I get:
Not a trace of the user permissions in either the context or the user… So I’m really starting to wonder what I did wrong.
Anyway, sorry for the long post, and thanks a lot in advance for the help!
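A check worth running against the tokens described above, as an added example that is not part of the original post and not Auth0's own code: a small Python inspector that decodes a JWT's header and payload without verifying the signature and reports the `aud`, `scope` and `permissions` claims. Auth0 places the `permissions` claim in the access token minted for the API when "Add Permissions in the Access Token" is enabled in that API's RBAC settings; the ID token (whose `aud` is the client_id) is not where Auth0 puts it unless a Rule or Action adds a custom claim, so the place to look is the access token rather than the IdToken. The two tokens below are constructed for the example; the tenant domain, client ID, API identifier, permission names and the placeholder signature are all made up.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url segment, restoring the '=' padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, the way JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def peek_jwt(token: str) -> dict:
    """Return the header and payload of a compact JWS WITHOUT verifying it.

    Inspection only: nothing here checks the signature, issuer, audience or
    expiry, so never use this to make an authorization decision. Use a
    verifying JWT library (with the tenant's JWKS) for that.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return {"header": header, "payload": payload}


def rbac_report(token: str) -> dict:
    """Summarize which RBAC-related claims a token carries."""
    payload = peek_jwt(token)["payload"]
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else ([aud] if aud else [])
    scope = payload.get("scope")
    scopes = scope.split() if isinstance(scope, str) else []  # 'scope' is space-separated
    return {
        "audiences": audiences,
        "scopes": scopes,
        "permissions": list(payload.get("permissions", [])),
        "has_permissions_claim": "permissions" in payload,
    }


def make_unsigned_token(header: dict, payload: dict) -> str:
    """Build a JWT-shaped string with a placeholder signature, for local tests only."""
    return ".".join([
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        b64url_encode(b"not-a-real-signature"),  # constructed, never verifiable
    ])


# Constructed sample tokens (not real Auth0 output); all identifiers are placeholders.
HEADER = {"alg": "RS256", "typ": "JWT", "kid": "example-kid"}

# ID token shape: audience is the client_id and it carries profile claims only.
ID_TOKEN = make_unsigned_token(HEADER, {
    "iss": "https://example-tenant.auth0.com/",
    "sub": "auth0|000000000000000000000000",
    "aud": "exampleClientId",
    "iat": 1700000000,
    "exp": 1700036000,
    "nonce": "abc123",
    "name": "Test User",
})

# Access token shape for an API with RBAC and "Add Permissions in the Access Token"
# enabled: 'scope' lists the granted scopes, 'permissions' lists the role's permissions.
ACCESS_TOKEN = make_unsigned_token(HEADER, {
    "iss": "https://example-tenant.auth0.com/",
    "sub": "auth0|000000000000000000000000",
    "aud": ["https://api.example.com", "https://example-tenant.auth0.com/userinfo"],
    "iat": 1700000000,
    "exp": 1700086400,
    "azp": "exampleClientId",
    "scope": "openid profile read:reports",
    "permissions": ["read:reports", "write:reports"],
})


if __name__ == "__main__":
    for label, tok in (("id_token", ID_TOKEN), ("access_token", ACCESS_TOKEN)):
        print(label, json.dumps(rbac_report(tok), indent=2))
```

Paste the real access token returned alongside the ID token into `rbac_report` to see whether the `permissions` claim is present; if it is missing there too, the "Add Permissions in the Access Token" toggle on the API, not the role assignment, is the first thing to re-check.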