Troubleshooting: Role-Based Access Control and Authorization

Here are some solutions to common issues experienced when implementing role-based access control (RBAC) using the Authorization Core feature set.

Role-based access control is enabled for my API, but the scopes claim is not showing what you say it should.

Make sure that you aren't setting accessToken.scope in a [rule]. Remember that any configured authorization rules run after the RBAC-based authorization decisions are made, so they may override default behavior.

Keep reading