Jackie

Reputation: 23497

Auth0 with Authorization Extension not passing roles to Spring Security JWT object

I have an Auth0 project that I am using for authentication. I have modeled my Spring code based on this example.

I am trying to limit an area like this...

.antMatchers(ADMIN).hasRole(Role.ADMIN.getRoleName())

But when I add my Admin role to my user and try to log back in, the JWT does not show any roles when I run...

Collection<SimpleGrantedAuthority> authorities = (Collection<SimpleGrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();

It is empty. How do I pass the roles to my application using Auth0?

More Information

I tried decoding the JWT token and I don't see the role information even being passed....

Header
{"typ":"JWT","alg":"RS256","kid":"<Removed>"}
Body
{"iss":<Removed>,"sub":<Removed>,"aud":<removed>,"iat":<removed>,"exp":<removed>}

So why is Auth0 not passing this information?

Upvotes: 2

Views: 915

Answers (2)

StV

Reputation: 179

Groups, roles and permissions won't be added to the JWT automatically. You have to create a new rule or modify the default rule which is created after enabling (publishing) the Authorization Extension.

Adding roles and permissions to a JWT access token in Auth0

Upvotes: 1
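
The kind of rule the answer above refers to, as an added example that is not part of the original answer and not Auth0's or the extension's own code: it copies the user's roles into the ID and access tokens under a namespaced custom claim. The namespace URL, the function name and the harness are hypothetical, and it assumes the Authorization Extension's rule has already run and populated `user.roles`.

```javascript
// Added example: an Auth0 rule plus a constructed harness that calls it
// the way the rules pipeline would (user, context, callback).

// Hypothetical namespace for the custom claim; use a URL you control.
const NAMESPACE = 'https://example.com/claims/';

// Assumption: the Authorization Extension's rule ran earlier in the pipeline
// and attached user.roles (an array of role names) to the user object.
function addRolesToTokens(user, context, callback) {
  // Missing or malformed role data becomes an empty list, so the API sees
  // "no roles" rather than an undefined or non-string claim value.
  const roles = (Array.isArray(user.roles) ? user.roles : [])
    .filter((r) => typeof r === 'string');

  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[NAMESPACE + 'roles'] = roles;
  context.accessToken[NAMESPACE + 'roles'] = roles;

  callback(null, user, context);
}

// Constructed harness: runs the rule once and returns the resulting context.
function runRule(user) {
  const context = { idToken: {}, accessToken: {} };
  let result = null;
  addRolesToTokens(user, context, (err, u, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Constructed sample users: one with a role, one with no role data at all.
const admin = runRule({ user_id: 'auth0|sample-admin', roles: ['Admin'] });
const plain = runRule({ user_id: 'auth0|sample-user' });

console.log(admin.accessToken); // claim carries ["Admin"]
console.log(plain.accessToken); // claim carries []
```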

Luiz E.

Reputation: 7229

You should provide the granted authorities to your principal when you're authenticating it.

I assume you have a custom class that implements UserDetails and you overwrite getAuthorities(). This method should return an authority called ROLE_ADMIN. Notice that the role should be prefixed with ROLE_

Upvotes: 0
