Yes, Rules are JavaScript functions that execute within an isolated serverless Webtask container every time a user authenticates.
The Rules configured within your Auth0 tenant will run after authentication takes place and before the redirect back to your application.
Rules are passed a User Object and Context Object which allow them to do many things like add data to the user profile or throw an error if a user hasn’t verified their email address.
You can try adding the role to the ID Token and Access Token by creating a new Rule in the dashboard:
Paste the following into the new rule.
    function (user, context, callback) {
      // Custom claims must be namespaced with a URL-style prefix so they
      // cannot collide with standard OIDC claims.
      const namespace = 'http://yournamespace.com';
      // Roles assigned to the user via Authorization Core (undefined if none).
      const assignedRoles = (context.authorization || {}).roles;
      let idTokenClaims = context.idToken || {};
      let accessTokenClaims = context.accessToken || {};
      // Copy the roles into both tokens under the namespaced claim name.
      idTokenClaims[`${namespace}/roles`] = assignedRoles;
      accessTokenClaims[`${namespace}/roles`] = assignedRoles;
      context.idToken = idTokenClaims;
      context.accessToken = accessTokenClaims;
      // Hand control back to the pipeline with the modified context.
      callback(null, user, context);
    }
To test it out, you’ll need to give your user a role and then log in and inspect the ID Token they are issued (example ID token)
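As an added example (not part of the original post), the following Node.js script runs the rule above locally against a constructed user and context, wraps the resulting ID Token claims in a sample unsigned token, and shows how an application reads the namespaced roles claim back out, including the case where the user has no roles. The namespace `http://yournamespace.com`, the user id and the helper names are assumptions for illustration.

```javascript
const NAMESPACE = 'http://yournamespace.com';

// The rule from the post, unchanged, so it can be exercised locally.
function addRolesRule(user, context, callback) {
  const assignedRoles = (context.authorization || {}).roles;
  const idTokenClaims = context.idToken || {};
  const accessTokenClaims = context.accessToken || {};
  idTokenClaims[`${NAMESPACE}/roles`] = assignedRoles;
  accessTokenClaims[`${NAMESPACE}/roles`] = assignedRoles;
  context.idToken = idTokenClaims;
  context.accessToken = accessTokenClaims;
  callback(null, user, context);
}

function base64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64url');
}

// Runs the rule on a constructed user/context and returns an UNSIGNED compact
// JWT carrying the resulting ID Token claims (signature is a placeholder; Auth0
// signs real tokens and your app must verify them against the tenant's JWKS).
function issueSampleIdToken(roles) {
  const user = { user_id: 'auth0|sample', email: 'sample@example.com' };
  const context = roles === undefined ? {} : { authorization: { roles } };
  let issued;
  addRolesRule(user, context, (err, u, ctx) => {
    if (err) throw err;
    issued = { sub: u.user_id, ...ctx.idToken };
  });
  return `${base64url({ alg: 'RS256', typ: 'JWT' })}.${base64url(issued)}.placeholder`;
}

function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Reads the namespaced claim back. A user with no roles leaves the rule's value
// undefined, which JSON serialisation drops, so the claim is absent: return [].
function rolesFromToken(token) {
  const roles = decodePayload(token)[`${NAMESPACE}/roles`];
  return Array.isArray(roles) ? roles : [];
}

function hasRole(token, role) {
  return rolesFromToken(token).includes(role);
}

console.log(rolesFromToken(issueSampleIdToken(['admin', 'editor'])));
console.log(rolesFromToken(issueSampleIdToken()));
```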