I have Auth0 users that belong to Groups in the Auth0 Extension. Each group is a group of Roles. Each Role is a group of Permissions. Access to operations on the front and backend of my apps is dictated by what permissions they have.
I have an existing Rules object in the Auth Pipeline that adds rules and permissions to the id token, and it works for my old apps built with Create-React-App, but it does not seem to work for the NextJs app I just built.
to the user object, which isn’t particularly helpful. ‘admin’ is a group, which should be an object containing roles, which in turn should be objects containing permissions.
I understand I may have to use the Management API to get the information I want on the backend, but before I do that I want to understand what has changed that means my Create-React-App apps work to get the id token with roles and permissions, but my Next app doesn’t?
First, let me explain that the event.authorization.roles property in your Post-Login Action refers only to the Roles assigned to the user through the Authorization Core implementation instead of the Authorization Extension.
Now, as far as why it works in your React App and not in your Next.js App, I am not sure. Have you checked whether your users are being assigned to these roles and permissions in the Authorization Extension specifically for that application?
You will have to verify in the Authorization Extension:
- The permission was created specifically for your Next.js app
- The role was created specifically for your Next.js app
- The user was assigned to the role that is for your Next.js app
That all makes sense - the app that’s working is for an Application in Auth0 that we pay for business users in the Organizations tab, whereas we don’t pay for organizations in the new one, so I guess it wouldn’t be able to access the Auth Extension permissions because the Users we created the Auth Extensions permissions apply to are members of organisations? Is that likely to be the case?
You could always create new Roles and Permissions in your Authorization Extension that’s for your new Application, and then assign them to your users. Could you please try that and see if that works?
Let me also clarify that assigning roles to your user through an Organization is not the same as assigning the roles through the Authorization Extension. If users are assigned to Roles in an Organization, you will not see the Roles assigned in the Authorization Extension and vice versa.