To synchronize groups from Auth0, you must create a group synchronization application in the Auth0 identity platform.

Creating a Regular Web Application in Auth0

  1. Log in to the Auth0 identity platform and go to Applications > Applications.
  2. Click Create Application.
  3. Enter the name of the application.
  4. In Choose an application type, select Regular Web Applications.
  5. Click Create.
  6. Go to the Settings tab and note the following values, which you will need to configure group synchronization:
    1. Domain – The Auth0 tenant domain used for authentication. It is the same for all applications in the tenant.
    2. Client ID – The ID of the application.
    3. Client Secret – The client secret of the application. Treat it as a credential: store it in a secrets manager and never commit it to source control.
  7. Go to Advanced settings > Grant Types.
  8. Make sure that the following grants are selected:
    1. Authorization Code
    2. Refresh Token
    3. Client Credentials
  9. Go to Applications > APIs.
  10. Select the API that your newly created application must access. The read:roles permission granted in the next step is a scope of the Auth0 Management API.
  11. Go to the Machine to Machine Applications tab, find your newly created application and authorize it. Under Permissions, select read:roles. Grant only this scope; the application needs no wider Management API access for this procedure.

Adding user roles into the JWT token

  1. In Auth0 Identity platform, go to Actions > Library > Custom.
  2. Click Build Custom.
  3. Enter the Action name.
  4. In Trigger, select Login / Post Login.
  5. In Runtime, select Node 16.
  6. Click Create.
  7. An editor will be displayed.
  8. Copy the code block at the end of this page, paste it in the editor and click Deploy.
  9. Go to Actions > Flows > Login.
  10. Drag the newly created Action into the Login flow.
  11. Click Apply.
exports.onExecutePostLogin = async (event, api) => {
  // Prefix for the custom claims, so the claim name cannot collide with a
  // standard OIDC claim such as "roles" used elsewhere.
  const namespace = 'hcp';
  // event.authorization may be undefined (for example, a user with no roles
  // assigned), so guard before reading event.authorization.roles.
  if (event.authorization) {
    // Note the ${...} interpolation: `$namespace/roles` without braces would
    // name the claim literally "$namespace/roles" instead of "hcp/roles".
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};
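The following is an added example, not code from the original page or from Auth0. It is a local harness for the post-login Action above: it fakes the event and api objects that Auth0 passes to an Action, runs the same claim-setting logic, and shows what lands in the ID and access tokens, including the case where the user has no authorization data. It also shows how a relying party reads the namespaced claim back out of a token payload. The helper names (setRoleClaims, fakeApi, runAction, rolesFromPayload, decodeJwtPayload, sampleJwt), the sample roles and the sample token are constructed for this example; "hcp" is the namespace used on this page.

```javascript
// Added example (not the page's or Auth0's own code): a local harness for the
// post-login Action, plus a relying-party helper that reads the roles claim.

const NAMESPACE = 'hcp';                      // same namespace as the Action on this page
const ROLES_CLAIM = `${NAMESPACE}/roles`;     // resolves to "hcp/roles"

// The Action's claim-setting logic, kept synchronous so the harness can inspect
// the result directly. `$namespace/roles` without braces would produce the
// literal claim name "$namespace/roles"; the ${...} form is required.
function setRoleClaims(event, api) {
  // event.authorization is not guaranteed to exist (e.g. a user with no roles),
  // so it must be checked before event.authorization.roles is read.
  if (event.authorization) {
    api.idToken.setCustomClaim(ROLES_CLAIM, event.authorization.roles);
    api.accessToken.setCustomClaim(ROLES_CLAIM, event.authorization.roles);
  }
}

// Shape of the deployable Action; behaviour identical to the code on this page.
async function onExecutePostLogin(event, api) {
  setRoleClaims(event, api);
}

// Constructed stand-in for the Actions `api` object: records custom claims per token.
function fakeApi() {
  const claims = { idToken: {}, accessToken: {} };
  const tokenApi = (bucket) => ({
    setCustomClaim(name, value) { bucket[name] = value; },
  });
  return {
    idToken: tokenApi(claims.idToken),
    accessToken: tokenApi(claims.accessToken),
    claims,
  };
}

// Run the Action against a fake login event and return the recorded claims.
function runAction(event) {
  const api = fakeApi();
  setRoleClaims(event, api);
  return api.claims;
}

// Relying-party side: read the roles claim from a decoded token payload.
// Anything other than an array of strings is treated as "no roles" rather than
// being passed on to an authorization decision.
function rolesFromPayload(payload) {
  const roles = payload[ROLES_CLAIM];
  if (!Array.isArray(roles) || !roles.every((r) => typeof r === 'string')) {
    return [];
  }
  return roles;
}

// Base64url encoding of a JSON object, and a decoder for the payload segment
// of a compact JWT. decodeJwtPayload does NOT verify the signature; verify the
// token with your JWT library first, then read claims from the verified payload.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWS with three segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// A constructed sample token carrying the claims the Action would set. The
// signature segment is a placeholder because nothing here verifies it.
function sampleJwt() {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    iss: 'https://example.auth0.com/',          // constructed issuer
    sub: 'auth0|example-user',                  // constructed subject
    [ROLES_CLAIM]: ['admin', 'viewer'],         // what the Action adds
  };
  return `${b64url(header)}.${b64url(payload)}.c2lnbmF0dXJl`;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runAction({ authorization: { roles: ['admin', 'viewer'] } }));
  console.log(runAction({}));   // no authorization data: no claims are set
  console.log(rolesFromPayload(decodeJwtPayload(sampleJwt())));
}
```

Run it with node before deploying a change to the Action: the harness exercises the guard on event.authorization and the exact claim name, which are the two places the Action code is easy to get wrong, and rolesFromPayload shows the consumer-side type check you want in front of any authorization decision based on the claim.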
