I have two Applications (an SPA and a Machine to Machine app), and a custom API registered in my Auth0 account. The API has RBAC enabled, and a few permissions configured for it. When I perform the client_credential OAuth grant using my M2M app, the token that comes back includes two claims (scope …

Hi @tommyr , I apologize for the delay. Permissions and RBAC are user-centric. This is explained better here: [image] What is the difference between scopes and permissions? FAQs Question: What is the difference between scopes and permissions? Answer: What are scopes? …

Scopes and permissions with RBAC for Machine-to-machine authentication

Help

dan.woda May 27, 2020, 8:42pm 3

Hi @tommyr,

I apologize for the delay.

Permissions and RBAC are user-centric. This is explained better here:

This would explain the difference in how they are treated in a SPA where a user is requesting an access token and a M2M app where there is no user.

Hope this helps in some way!
Dan