Adding Groups, Roles and Permissions to your Auth0 users, for free!
In a previous post we discussed how to include Groups, Roles and Permissions in JWT access tokens returned from Auth0. This was based on using the Authorization Extension which requires being on one of the Auth0 paid tiers.
If you’re on a tight budget or only have a small number of users, a (potentially) more economical solution is to take advantage of the app_metadata fields available on Auth0-managed users (these are fields that are read-only to the user).
To maintain parity with the previous example, simply add the following entry to a user in Auth0:
…and then we need to create a new rule (or update the one we created previously) to grab this data from the app_metadata property of the user:
Again, if everything works, you should end up with a JWT that (when decoded) looks something like this:
You can read more about reading and writing user metadata here.
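A rule of the kind described above, as an added example that is not the original post's code. It assumes the groups, roles and permissions are stored under a hypothetical `authorization` key in app_metadata and are emitted under a placeholder claim namespace; `cleanList`, `addAuthorizationClaims` and `runRule` are names chosen for this illustration.

```javascript
// Added example: Auth0 Rule that copies authorization data from app_metadata
// into namespaced access-token claims. The metadata shape and the namespace
// are assumptions, not values from the original post.
const NAMESPACE = 'https://example.com/claims/'; // placeholder namespace (assumption)
const FIELDS = ['groups', 'roles', 'permissions'];

// Keep only unique, non-empty strings so a malformed metadata entry cannot
// put objects, numbers or nulls into the token.
function cleanList(value) {
  if (!Array.isArray(value)) return [];
  return [...new Set(value.filter(v => typeof v === 'string' && v.trim() !== ''))];
}

// Rule body: in the Auth0 dashboard a rule has the form
// `function (user, context, callback)`; it is named here so it can be called.
function addAuthorizationClaims(user, context, callback) {
  // Read only app_metadata, which is read-only to the user. user_metadata
  // is ignored on purpose and must not drive authorization decisions.
  const authz = (user.app_metadata && user.app_metadata.authorization) || {};
  context.accessToken = context.accessToken || {};
  for (const field of FIELDS) {
    context.accessToken[NAMESPACE + field] = cleanList(authz[field]);
  }
  callback(null, user, context);
}

// Constructed sample user, shaped like the object a rule receives at login.
const sampleUser = {
  user_id: 'auth0|constructed-example',
  user_metadata: { authorization: { roles: ['Admin'] } }, // ignored by the rule
  app_metadata: {
    authorization: {
      groups: ['Delivery'],
      roles: ['Delivery Manager', 'Delivery Manager', 42],
      permissions: ['read:deliveries', '']
    }
  }
};

// Helper that runs the rule outside Auth0 and returns the resulting claims.
function runRule(user) {
  let claims;
  addAuthorizationClaims(user, { accessToken: {} }, (err, u, ctx) => { claims = ctx.accessToken; });
  return claims;
}

console.log(JSON.stringify(runRule(sampleUser), null, 2));
```

Users with no app_metadata receive empty arrays for all three claims, so the API consuming the token can treat a missing role as "no access" without special-casing absent claims.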
As usual, if you found this useful, give us a shout out on Twitter and if you are looking for some help on a JavaScript project, hit us up @ https://toJS.io.