Overview
When authenticating in the context of an organization, user-assigned permissions do not appear in the Access Token. When switching off organizations, the flow then works as expected, i.e., user-assigned API permissions come through into the Access Token. Roles are not in use.
Cause
Roles need to be used, and the required API permissions should be assigned to the role.
Solution
Use the following steps to resolve the issue.
- Create a role (Users > Role).
- Assign the relevant permissions to that role (Permissions tab).
- Go to the relevant organization and click on the Members tab.
- Locate the user in question and go into the details of the user.
- Assign the new role (which has the permissions) to the user here and save the changes.
This will then pull the required API permissions into the Access Token.