I have two Applications (an SPA and a Machine to Machine app), and a custom API registered in my Auth0 account. The API has RBAC enabled, and a few permissions configured for it. When I perform the client_credential OAuth grant using my M2M app, the token that comes back includes two claims (scope …

Hi @tommyr , I apologize for the delay. Permissions and RBAC are user-centric. This is explained better here: [image] What is the difference between scopes and permissions? FAQs Question: What is the difference between scopes and permissions? Answer: What are scopes? …

Scopes and permissions with RBAC for Machine-to-machine authentication

Help

dan.woda May 27, 2020, 8:42pm 3

Hi @tommyr,

I apologize for the delay.

Permissions and RBAC are user-centric. This is explained better here:

This would explain the difference in how they are treated in a SPA where a user is requesting an access token and a M2M app where there is no user.

Hope this helps in some way!
Dan

Topic		Replies	Views
Difference between scopes and permissions in access token Help scopes , permissions	5	10348	August 31, 2019
Differences between Scopes and Permissions Knowledge Articles token , scopes , permissions , scope , client-credentials	1	9167	October 16, 2019
RBAC permissions for SPA app and API Help rbac	1	5424	September 12, 2019
Scopes vs Permissions confusion Help	10	15842	December 8, 2020
Auth0 Machine to Machine permission in JWT Help jwt , auth0 , api	2	5368	October 26, 2019

Scopes and permissions with RBAC for Machine-to-machine authentication

Related Topics