Open snake575 opened 7 years ago
This is why I "standardized" it with the AUTHORIZATION_EXTENSION setting.
The recommended (and mostly easy to use, IMHO) way is to simply enable the authorization extension in Auth0 and use it in our apps.
HOWEVER: I will add a disclaimer to note what scopes are needed in order to use this app.
If this answer is enough for you, please let me know to close this issue.
Which one is the default one? Token Contents is the first one on the screen, but I think both are disabled in the beginning. We could add another setting to specify if Token Contents or Persistence is in use on the extension.
Hi @Snake575, it seems that the extension has changed a little bit/a lot since version 1 (I'm assuming that you're using version 2), so I believe that we must support both version 1 and 2 of the extension (I promise to work on it in the following weeks).
What version of the extension are you using?
I didn't notice there are 2 versions... I'm on 2.1!
Can you post screenshots of the configs used in your version please!
I did some extra testing... turns out that enabling Token Contents allows the following:
With Auth0-Lock options config:
{
  auth: {
    params: { scope: 'openid roles groups permissions' }
  }
}
Extension config:
Token payload:
{
  "groups": [],
  "permissions": [],
  "roles": [],
  "iss": "...",
  "sub": "...",
  "aud": "...",
  "exp": ...,
  "iat": ...
}
On the other hand, Persistence says it persists the extension data on the user profile's app_metadata. However, in my test the extension auth data is always present on the profile, regardless of whether the persistence fields are activated or not.
User's profile:
{
  ...
  "app_metadata": {
    "authorization": {
      "groups": [],
      "roles": [],
      "permissions": []
    }
  },
  "authorization": {
    "groups": [],
    "roles": [],
    "permissions": []
  },
  ...
}
I'll create another app with authorization 2.x to think about how to manage this problem and have an update this week!!!!
I bet you noticed that I didn't solve this; in the following 2 weeks I will solve this issue.
Stay tuned
I was testing the extension and found that roles, groups and permissions are not necessarily included on app_metadata. If one selects the fields on the Token Contents section, then they are included like this:
{ sub: '', iss: '', ... , roles: [], groups: [], permissions: [], }
If one selects the fields on the Persistence section, then they are included like this:
{ sub: '', iss: '', ... , app_metadata: { authorization: { roles: [], groups: [], permissions: [], }, } }
In both cases, it's important to note that one must include roles, groups, permissions or app_metadata on the token's scope on the client app, otherwise none of them are included on the token.
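Added example, not part of the thread or of the project's code: one way an app could read the extension's data from a decoded token payload in either layout described above (top-level claims from Token Contents, or app_metadata.authorization from Persistence). The helper name, the sample payloads and the choice to prefer the top-level layout and fail closed are assumptions; the token is assumed to be verified before this runs.

```python
from collections.abc import Mapping
from typing import Any, Dict

FIELDS = ("roles", "groups", "permissions")


def _string_list(value: Any) -> list:
    """Accept only a list of strings; any other shape is treated as empty."""
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return list(value)
    return []


def extract_authorization(payload: Mapping) -> Dict[str, Any]:
    """Hypothetical helper: read the extension's claims from a decoded payload.

    Assumes the token's signature, iss, aud and exp were already verified.
    Token Contents -> claims at the top level of the payload.
    Persistence    -> claims under app_metadata.authorization.
    """
    meta = payload.get("app_metadata")
    nested = meta.get("authorization") if isinstance(meta, Mapping) else None
    if any(f in payload for f in FIELDS):
        source, claims = "token_contents", payload
    elif isinstance(nested, Mapping) and any(f in nested for f in FIELDS):
        source, claims = "persistence", nested
    else:
        # Scope did not request the claims (or nothing is enabled): fail closed.
        source, claims = None, {}
    # Assumption: one layout is chosen and never merged with the other, so a
    # copy in the second location cannot add privileges.
    result = {f: _string_list(claims.get(f)) for f in FIELDS}
    result["source"] = source
    return result


# Constructed sample payloads (not real tokens).
TOKEN_CONTENTS = {"sub": "auth0|x", "roles": ["admin"], "groups": [],
                  "permissions": ["read:reports"]}
PERSISTENCE = {"sub": "auth0|x", "app_metadata": {"authorization": {
    "roles": ["editor"], "groups": ["staff"], "permissions": []}}}
NO_SCOPE = {"sub": "auth0|x"}
MALFORMED = {"sub": "auth0|x", "roles": "admin", "permissions": [1, 2]}

if __name__ == "__main__":
    for name, sample in [("token_contents", TOKEN_CONTENTS), ("persistence", PERSISTENCE),
                         ("no_scope", NO_SCOPE), ("malformed", MALFORMED)]:
        print(name, extract_authorization(sample))
```

A result with source set to None means the token carried neither layout, which matches the missing-scope case in the thread; the caller should treat that as no roles, groups or permissions.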