Unable to set custom scopes after login

Hi,

I am trying to add conditional scopes for some users who have admin rights, but cannot seem to find an approach that works - any help would be appreciated.

I have tried a few approaches so far:

1.) First approach was done in code, in JS/Angular. In my Auth service component in the setSession method where I get the user information, I check if the user’s role is that of an Admin. If this is true, I add additional scopes to the existing, and call a webAuth.checkSession() with the new scopes - This fails with error “consent required”.

2.) Second approach was meant to be by using Rules, but I got kinda stuck on first step in this approach. First step is I wanted to add my “user role” to the user profile in Auth0, so in the Custom Database Login script’s callback, I add “user_metadata: { role: rows[0][2].value }” (also tried with just “metadata”), but this will not add anything to my user profile, so in my Rules I will never be able to check up on this value to determine if the scopes should stay as standard or have additional scopes added.

How can I proceed from here?

Thanks,
Nikolaj.

Hi @nkr,

Using rules or RBAC is the strategy I would take. Similar to #2 that you listed.

With RBAC you can add roles and permissions to your users. You can do this manually through the dashboard, or programmatically with the Management API. You can make permissions specific to roles.

This doc tells you how to add roles to tokens if you want to handle it in your application:

And here is an example:

Hopefully this solves your problem.

Let me know if I missed anything,
Dan
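
As an added illustration of the Rules approach discussed in this thread (not code from either poster or from the Auth0 docs): a rule that decides scopes on the server from the user's RBAC roles, so the client can request the full set and anything the user is not entitled to is stripped. The namespace, the "Admin" role name and the scope strings are assumptions.

```javascript
// Added example: an Auth0 Rule body, named here so it can be exercised locally.
// Assumed values: NAMESPACE, the "Admin" role, and all scope strings.
const NAMESPACE = 'https://example.com/';             // hypothetical claim namespace
const BASE_SCOPES = ['openid', 'profile', 'email'];   // assumed standard scopes
const ADMIN_SCOPES = ['read:users', 'update:users'];  // hypothetical admin scopes

function addRoleBasedScopes(user, context, callback) {
  // Roles assigned through RBAC are exposed to rules on context.authorization.
  const roles = (context.authorization && context.authorization.roles) || [];
  const isAdmin = roles.includes('Admin');

  // Scopes the client asked for; these are a request, not an entitlement.
  const query = (context.request && context.request.query) || {};
  const requested = (query.scope || '').split(' ').filter(Boolean);

  // Allow-list: standard scopes for everyone, admin scopes only for admins.
  const allowed = new Set(isAdmin ? BASE_SCOPES.concat(ADMIN_SCOPES) : BASE_SCOPES);
  const granted = requested.filter((scope) => allowed.has(scope));

  context.accessToken = context.accessToken || {};
  context.idToken = context.idToken || {};

  // Overwrite the scopes issued in the access token with the filtered list.
  context.accessToken.scope = granted;

  // Custom claims must be namespaced; expose roles to the app and the API.
  context.idToken[NAMESPACE + 'roles'] = roles;
  context.accessToken[NAMESPACE + 'roles'] = roles;

  return callback(null, user, context);
}
```

Because the rule filters rather than appends, a non-admin who asks for an admin scope receives a token without it, and the API should still check the scope on every request.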
