Unable to read read roles information from JWT token

Created JWT token as per example https://auth0.com/docs/quickstart/spa/vanillajs
I created role and assigned role to user using Dashboard console.

I was expecting to get Roles in JWT token. Something like
https://domain/roles”: [

However i am not able to get roles in JWT token. How can i access roles information from token. As per topic “Getting user roles in rules” looks like it is not possible.

Check out this example rule:

I created Rule “roleToUserRule” as suggested in document.
copied following script in rule

function (user, context, callback) {
  const namespace = 'http://........us.auth0.com';
  const assignedRoles = (context.authorization || {}).roles;
  const metadata = (context.authorization || {}).user_metadata;

  let idTokenClaims = context.idToken || {};
  let accessTokenClaims = context.accessToken || {};

  idTokenClaims[`${namespace}/roles`] = assignedRoles;
  idTokenClaims[`${namespace}/metadata`] =   metadata;

  accessTokenClaims[`${namespace}/roles`] = assignedRoles;

  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;

  callback(null, user, context);

I am using sample code javascript single page app "https://auth0.com/docs/quickstart/spa/vanillajs". 

const configureClient = async () => {
  const response = await fetchAuthConfig();
  const config = await response.json();

  auth0 = await createAuth0Client({
    domain: config.domain,
    client_id: config.clientId
    ,audience: config.audience

auth_config.json looks like 
  "domain": ".....auth0.com",
  "clientId": "........",
  "audience": "https://api.mysite.com"

Still the token that get’s generated does not have roles.

access_token: “…”
expires_in: 86400
id_token: “…”
scope: “openid profile email”
token_type: “Bearer”

Do we have to do anything different to get roles in token. Do I need to set scope while creating auth0 using createAuth0Client method.

You need to change your namespace to something that does not include an auth0 domain. It doesn’t really matter what it is for testing purposes. It can be https://www.example.com.

I am able to read roles

1 Like

Thanks for the update!