followed this scenario here:
I do not understand if I am misusing or there is a genuine problem here…
I have an SPA + API application, I am using Authorization Core, I have added permissions to the API ( I cannot add permissions to an SPA from the UI ) , I have created a Role that utilizes some of these permissions, I applied the Role to a User, however there isn’t seem to be a way to get the permissions into the token when I login using the SPA.
My SPA does not have routes or content that is visible based on permissions, the only thing that the permissions are applying to are what routes / apis the users can access with what HTTP methods.
So either 1. I do not even need the SPA Application and just use M2m or 2.this is a problem and I will use a Rule that will get the user permissions and add them to the token during login from the SPA