Reputation: 1692
I created an Auth0 backend API and a React client. Both applications correctly communicate with Auth0 for authentication. I can log in as a user on the React client, and then make a GET request to the backend API using a bearer token to get access to a protected endpoint. This follows https://auth0.com/docs/quickstart/backend/rails/01-authorization; however, I'm stuck when it comes to protecting endpoints additionally with specific scopes/permissions.
My understanding was that by creating a role in the Auth0 settings, adding a specific scope/permission Y to that role, and by assigning user X to that role, the bearer token would automatically include that permission Y when user X correctly signs in in the React app. But when I hit the backend endpoint that's protected around that permission Y, it doesn't authorize me, so the scope seems to be missing. 'Enable RBAC' and 'Add Permissions in the Access Token' are both enabled for the API.
If anybody has experience with this, I'd greatly appreciate any help!
Upvotes: 0
Views: 1428
Reputation: 521
A few things can be your issue here. Once you have selected 'Enable RBAC' and 'Add Permissions in the Access Token', make sure you have added your permissions to the API. Next you will want to make sure your selected user has that permission associated with it under the Users tab.
Once you have this configured, your access token should have your permissions. You can verify this by looking at the token generated on login on a site like https://jwt.io/.
Upvotes: 2
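The token check suggested in the answer can also be done locally, without pasting a live token into a web page. The Ruby below is an added example, not code from the thread or from Auth0; it assumes the RBAC setting emits a `permissions` array claim and that scopes arrive in the space-separated `scope` claim, and the helper names and sample token are constructed for illustration.

```ruby
require "base64"
require "json"

# Decode a JWT's payload segment for inspection only. The signature is NOT
# verified here, so this must never be used to authorize a request.
def jwt_claims(token)
  segments = token.to_s.split(".", -1)
  raise ArgumentError, "expected 3 dot-separated segments" unless segments.length == 3
  claims = JSON.parse(Base64.urlsafe_decode64(segments[1]))
  raise ArgumentError, "payload is not a JSON object" unless claims.is_a?(Hash)
  claims
rescue JSON::ParserError => e
  raise ArgumentError, "payload is not valid JSON: #{e.message}"
end

# Report which claim carries `required`. Assumed claim names: `permissions`
# (array, added by the RBAC setting) and `scope` (space-separated string).
def permission_location(token, required)
  claims = jwt_claims(token)
  in_permissions = Array(claims["permissions"]).include?(required)
  in_scope = claims["scope"].to_s.split.include?(required)
  return :both if in_permissions && in_scope
  return :permissions_only if in_permissions
  return :scope_only if in_scope
  :missing
end

# Constructed sample token: made-up claims and a placeholder signature.
def sample_token(payload)
  encode = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj), padding: false) }
  [encode.call({ "alg" => "RS256", "typ" => "JWT" }), encode.call(payload), "sig"].join(".")
end

if __FILE__ == $PROGRAM_NAME
  token = sample_token({ "sub" => "auth0|constructed",
                         "scope" => "openid profile",
                         "permissions" => ["read:messages"] })
  # :permissions_only means a backend check that reads only `scope` would
  # still reject this token even though the role assignment worked.
  puts permission_location(token, "read:messages")
end
```

A result of `:missing` points at the dashboard configuration (permission not on the API or not assigned to the user), while `:permissions_only` points at which claim the backend check reads.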