SPA + Permissions

followed this scenario here:

I do not understand if I am misusing or there is a genuine problem here…

I have an SPA + API application, I am using Authorization Core, I have added permissions to the API ( I cannot add permissions to an SPA from the UI ) , I have created a Role that utilizes some of these permissions, I applied the Role to a User, however there isn’t seem to be a way to get the permissions into the token when I login using the SPA.

My SPA does not have routes or content that is visible based on permissions, the only thing that the permissions are applying to are what routes / apis the users can access with what HTTP methods.

So either 1. I do not even need the SPA Application and just use M2m or 2.this is a problem and I will use a Rule that will get the user permissions and add them to the token during login from the SPA

Please help!

1 Like

Did you ever figure anything out?

I find myself in the same boat.

This is what I found when working with SPA and API’s:

Basically enable RBAC and “Add Permissions in the Access Token”.