How can I get entity permissions into a JWT?

mark.robustelli · 15 Sept 2023, 14:21

I have set up some Entities and permissions. I'd like to return those permission in the JWT. How can I accomplish this?

mark.robustelli · 15 Sept 2023, 14:30

This can be accomplished through using lambdas. You will want to create a lambda of type JWT Populate. The code will look something like this.

function populate(jwt, user, registration) {

  var urlToFetch = "http://localhost:9012/api/entity/grant/search?userId=" + user.id;

  var response = fetch(urlToFetch, {
    method: "GET",
    headers: {
      "Content-Type" : "application/json",
      "Authorization" : "this_really_should_be_a_long_random_alphanumeric_value_but_this_still_works"
    }
  });
  
  if (response.status === 200) {
    jwt.entityInfo = JSON.parse(response.body);
  } else {
    console.error("Error: " + response.status + " " + response.statusText);
  } 
  
}

The go to your application in the admin UI and under the JWT tab, under the Lambda settings section assign that lambda to the 'Access Token populate lambda'

A few things to keep in mind:

Please note the use of port 9012 when calling the API from the lambda. From the documentation "Use port 9012, or the configured value for fusionauth-app.http-local.port, whenever making a FusionAuth API call in a lambda. Doing so minimizes network traffic contention and improves performance."
As of this post, you will need the Essentials license for the HTTP Lambda Connect feature.