I have a use case - Angular front end, Spring backend , and some authorization mechanism (Auth0)
I have created an account/tenant, created API, SPA. When I noticed that email was not in JWT token for Spring, I created a rule based on someone’s answer. So I know who the user is.
I used Auth0 example tutorial that used environment.ts for httpInterceptor. All requests are permitAll, so ok for now.
But I need to get user claims i.e. scopes/permissions read:article , etc
What I am getting is - scope: openid profile email
But User Management >> users >> that user >> permissions has view:account permission assigned
Why is it not coming in JWT claims in the backend?
Do I need to do - Configure the Authorization Extension ?
When I installed, it asked for permission. This is strange. Don’t remember but it was like another third party thing. Something I don’t like, but went ahead accepting.
Question: Is this what I need to do to – Define Permissions — so that I can get scopes in my application?
If yes, then don’t understand why this is not in FAQ kind of thing, as this is very basic and kind of mandatory requirement for any application. Cant imaging any application without different categories of users.
Please update documentation to keep people happy, and less support related hassles.
PS. Warning The extension still needs to be configured before it can enforce your authorization logic. If upgrading from a previous version please rotate your ApiKey before re-publishing your rule.