Trying to create a rule for getting scope permissions from an external API

Hi everybody,

I have an application with an Angular front-end and an ASP.NET Core v3.1 back-end RESTful API.

I want to keep the user permissions in our database, so I need to be able to call my API's special endpoint when a user authenticates.

When called from within the rule, the API would return the permissions associated with the user account and the rule would add them to the scope (or am I wrong?).

The client would then be able to do its API requests using these permissions.

I tried using rules, but I am unable to find an example of one that would add permissions like this one (scope read:timesheets) to the access token, as I understood that this is the access token that will be passed to my API.

I am a little bit stuck and would greatly appreciate some help…

Thank you very much to anyone who reads my message.

Kind regards,

Mathieu Perron

Hi @mathieu1er,

Welcome to the Community!

You won’t be able to add them directly to the scopes in the token.

Instead you can make the call, receive the permissions, and add them as a custom claim.

Here is a rule describing how to make a call to an external API:

And here is a doc describing how to add custom claims to a token:

https://auth0.com/docs/scopes/current/sample-use-cases#add-custom-claims-to-a-token

Hope this helps!
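The approach from the reply above, as an added example that is not part of the original thread and is not Auth0's sample code: a rule-shaped function that loads permissions and writes them to a namespaced custom claim on the access token, failing closed and filtering the response. `NAMESPACE`, the permission format, `makePermissionsRule` and `fetchPermissions` are assumptions, and the HTTP call is replaced by constructed stand-ins so the block runs offline.

```javascript
// Added example, not Auth0's or the poster's code. NAMESPACE, the permission
// format and fetchPermissions are assumptions made for illustration.
const NAMESPACE = 'https://example.com/';   // placeholder claim namespace
const PERMISSION_RE = /^[a-z]+:[a-z_]+$/;   // accepts e.g. read:timesheets
const MAX_PERMISSIONS = 50;

// fetchPermissions(userId, cb) is a hypothetical helper that calls the
// back-end endpoint (over HTTPS, authenticated with a secret kept in the
// rule configuration) and invokes cb(err, body) with the parsed JSON body.
function makePermissionsRule(fetchPermissions) {
  return function (user, context, callback) {
    fetchPermissions(user.user_id, function (err, body) {
      // Fail closed: no token is issued if the lookup fails.
      if (err) return callback(new Error('permission lookup failed'));
      const list = body && body.permissions;
      if (!Array.isArray(list) || list.length > MAX_PERMISSIONS) {
        return callback(new Error('unexpected permission response'));
      }
      // Keep only well-formed strings so the API response cannot place
      // arbitrary data in the token, and drop duplicates.
      const clean = [...new Set(list.filter(
        (p) => typeof p === 'string' && PERMISSION_RE.test(p)))];
      context.accessToken = context.accessToken || {};
      context.accessToken[NAMESPACE + 'permissions'] = clean;
      callback(null, user, context);
    });
  };
}

// Constructed stand-ins for the HTTP call, so the example runs offline.
const okApi = (id, cb) =>
  cb(null, { permissions: ['read:timesheets', 'read:timesheets', 42, 'admin *'] });
const downApi = (id, cb) => cb(new Error('ECONNREFUSED'));

// Runs the rule once against a constructed user and returns what it passed on.
function runRule(api) {
  let result;
  makePermissionsRule(api)({ user_id: 'auth0|constructed' }, { accessToken: {} },
    (err, user, context) => { result = { err, context }; });
  return result;
}

console.log(runRule(okApi).context.accessToken);  // claim holds read:timesheets only
console.log(runRule(downApi).err.message);        // lookup failure stops the login
```

In a deployed rule the inner function is the rule itself and the lookup uses an HTTP client available in the rule runtime. The API then authorizes on the namespaced claim rather than on `scope`.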
