I’ve been having a hell of a time trying to get permissions to appear in the ID token of the response that comes back from the
/oauth/token endpoint when using Resource Owner Password flow.
From what I understand, if you go to the Auth0 Authorization extension and configure it to pass Permissions through the Token Contents (taking care to click Publish), the user’s permissions should just appear in the ID token when the user logs in via the
/oauth/token endpoint. I’ve tried playing around with specifying “permissions” as a scope in the
/oauth/token request and that still doesn’t seem to help.
Have I understood this correctly? The only way I can seem to retrieve permissions for a user is if I use the old
/tokeninfo endpoints, which I don’t want to do.