
Web API + Authorisation



I got an access_token from Auth0 which contains roles and groups, but when passing the same access_token to call the web APIs, I am not getting the groups and roles claims.

I used the code below to decorate my web-api method:

[Authorize(Roles = "Admin")]


That will depend on how the token is being processed when it’s received by the (assuming ASP.NET) Web API. If the processing includes the creation of a ClaimsIdentity, which is highly likely, then if you can influence how that identity is created, one of the constructors of that class allows you to specify which claim type will be treated as the source of roles information. This should allow you to specify the claim that carries your roles, and the attribute should then apply the logic based on the information carried in the custom claim type.

There may be other extensibility points that could be used to signal that roles are coming from a specific claim type instead of the default one assumed by .NET, however, that will always depend on how exactly the token is being processed and you did not provide any information about this part of the process.
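
The constructor overload mentioned in the answer above, shown as an added example that is not part of the original thread. The claim type names and the claim list are constructed for illustration; the list stands in for claims read from a token whose signature, issuer and audience have already been validated.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class RoleClaimDemo
{
    // Assumed claim names; substitute the names your access_token actually carries.
    const string RolesClaim = "https://example.com/roles";
    const string GroupsClaim = "https://example.com/groups";

    // Constructed stand-in for the claims of an already validated access token.
    static List<Claim> TokenClaims() => new List<Claim>
    {
        new Claim("sub", "auth0|constructed-user"),
        new Claim(RolesClaim, "Admin"),
        new Claim(GroupsClaim, "Operations"),
    };

    // roleType == null uses the two-argument constructor, which leaves
    // RoleClaimType at its default (ClaimTypes.Role).
    public static ClaimsPrincipal Build(string roleType)
    {
        var identity = roleType == null
            ? new ClaimsIdentity(TokenClaims(), "Bearer")
            : new ClaimsIdentity(TokenClaims(), "Bearer", "sub", roleType);
        return new ClaimsPrincipal(identity);
    }

    static void Report(string label, ClaimsPrincipal user)
    {
        var identity = (ClaimsIdentity)user.Identity;
        // [Authorize(Roles = "Admin")] ends up asking the principal this question.
        Console.WriteLine($"{label}: RoleClaimType={identity.RoleClaimType}, " +
                          $"IsInRole(Admin)={user.IsInRole("Admin")}");
    }

    public static void Main()
    {
        // Default mapping: the token has no claim of type ClaimTypes.Role,
        // so the role check has nothing to match against.
        Report("default", Build(null));

        // Explicit mapping: role checks now read the custom roles claim.
        Report("mapped ", Build(RolesClaim));

        // The groups claim is still present as an ordinary claim either way.
        Report("groups ", Build(GroupsClaim));
    }
}
```

Only map a claim type that your own authorization server issues, and only on identities built after token validation, since whatever values appear in that claim become the roles the `[Authorize]` attribute trusts.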