Insert intersectional permissions and additional ones
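/**
 * Auth0 rule: for one API audience, replace the access-token scope with the
 * intersection of the requested scopes and the permissions assigned to the
 * user, plus one fixed extra permission.
 *
 * Requests for any other audience pass through unchanged.
 *
 * @param {object} user - Auth0 user profile; `user.user_id` keys the permission lookup.
 * @param {object} context - Rule context; reads `context.request`, writes `context.accessToken.scope`.
 * @param {function} callback - Rule continuation; invoked exactly once, as
 *   `callback(err)` on lookup failure or `callback(null, user, context)` otherwise.
 */
function (user, context, callback) {
  // NOTE(review): the module specifier below appears mangled by e-mail
  // obfuscation on the page; presumably it was `auth0@<version>`. Restore the
  // pinned version before deploying.
  var ManagementClient = require('[email protected]').ManagementClient;
  var req = context.request || {};
  // Either of query/body may be absent depending on the flow, so guard both,
  // for the audience as well as for the scope.
  var audience = (req.query && req.query.audience) || (req.body && req.body.audience);
  var requested = (req.query && req.query.scope) || (req.body && req.body.scope);

  // Limit the rule execution to the related API identifier.
  // https://auth0.com/docs/get-started/dashboard/api-settings
  if (audience !== "https://my-api-identifier") {
    return callback(null, user, context);
  }

  var requestedScopes = (typeof requested === "string" && requested.split(" ")) || [];
  var management = new ManagementClient({
    token: auth0.accessToken,
    domain: auth0.domain
  });
  var params = { id: user.user_id };

  // The rule must not complete until the lookup returns; calling back before
  // that would issue the token with the unfiltered, client-requested scopes.
  return management.getUserPermissions(params, function (err, permissions) {
    if (err) {
      // Fail closed: without the user's permissions the scope cannot be
      // restricted, so abort the transaction instead of issuing a token.
      return callback(err);
    }

    var permissionNames = [];
    // Keep only the permissions that were both requested and assigned to the user.
    (permissions || []).forEach(function (obj) {
      if (requestedScopes.indexOf(obj.permission_name) !== -1 &&
          permissionNames.indexOf(obj.permission_name) === -1) {
        permissionNames.push(obj.permission_name);
      }
    });

    // Extra permission that is not bound to the user's own permissions.
    // It is granted to every user requesting this audience, so keep this
    // list limited to scopes that are safe for all callers.
    if (permissionNames.indexOf("test:test") === -1) {
      permissionNames.push("test:test");
    }

    // Replace the scope of the issued access token.
    context.accessToken.scope = permissionNames;
    return callback(null, user, context);
  });
}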