Unable to read roles information from JWT token

Created a JWT token as per the example in Auth0 JavaScript SDK Quickstarts: Login.
I created a role and assigned the role to a user using the Dashboard console.

I was expecting to get roles in the JWT token. Something like:
"https://domain/roles": [
  "role1"
],

However, I am not able to get roles in the JWT token. How can I access roles information from the token? As per the topic “Getting user roles in rules - #8 by markd”, it looks like it is not possible.

Check out this example rule:

I created the rule “roleToUserRule” as suggested in the document and copied the following script into the rule:

function (user, context, callback) {
  const namespace = 'http://........us.auth0.com';
  // Roles assigned to the user are exposed on context.authorization
  const assignedRoles = (context.authorization || {}).roles;
  // user_metadata is a property of the user object, not of context.authorization
  const metadata = user.user_metadata;

  let idTokenClaims = context.idToken || {};
  let accessTokenClaims = context.accessToken || {};

  // Add the namespaced custom claims to both tokens
  idTokenClaims[`${namespace}/roles`] = assignedRoles;
  idTokenClaims[`${namespace}/metadata`] = metadata;

  accessTokenClaims[`${namespace}/roles`] = assignedRoles;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  callback(null, user, context);
}


I am using the sample code for the JavaScript single-page app "https://auth0.com/docs/quickstart/spa/vanillajs".


const configureClient = async () => {
  const response = await fetchAuthConfig();
  const config = await response.json();

  auth0 = await createAuth0Client({
    domain: config.domain,
    client_id: config.clientId,
    audience: config.audience
  });
};

auth_config.json looks like:
{
  "domain": ".....auth0.com",
  "clientId": "........",
  "audience": "https://api.mysite.com"
}

Still, the token that gets generated does not have roles.

access_token: “…”
expires_in: 86400
id_token: “…”
scope: “openid profile email”
token_type: “Bearer”

Do we have to do anything different to get roles in the token? Do I need to set the scope while creating auth0 using the createAuth0Client method?

You need to change your namespace to something that does not include an auth0 domain. It doesn’t really matter what it is for testing purposes. It can be https://www.example.com.
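The following Node.js code is an added example, not part of the original thread or of Auth0's own code. It checks a claim namespace against the rule stated in the answer above and reads the roles claim from a decoded token; the helper names and the sample token are constructed for illustration.

```javascript
// Per the answer above, a namespace on an Auth0 domain does not work,
// so reject any URL whose host is auth0.com or a subdomain of it.
function isUsableNamespace(namespace) {
  let url;
  try { url = new URL(namespace); } catch (e) { return false; }
  const host = url.hostname.toLowerCase();
  return host !== 'auth0.com' && !host.endsWith('.auth0.com');
}

// Decode the payload (middle segment) of a compact JWT.
// This does NOT verify the signature: use it for debugging and UI hints
// only. Authorization decisions belong in the API, after verification.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the array stored under `${namespace}/roles`, or [] if it is absent.
function rolesFromToken(token, namespace) {
  const roles = decodeJwtPayload(token)[`${namespace}/roles`];
  return Array.isArray(roles) ? roles : [];
}

// Build a constructed sample token with a placeholder signature.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const ns = 'https://www.example.com'; // namespace suggested in the answer
const sample = makeSampleToken({
  sub: 'auth0|constructed-user',
  [`${ns}/roles`]: ['role1'],
});

console.log(isUsableNamespace('http://tenant.us.auth0.com'));
console.log(isUsableNamespace(ns));
console.log(rolesFromToken(sample, ns));
```

In the browser SPA the same decoding can be done with `atob` instead of `Buffer`.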

I am able to read roles


Thanks for the update!
