Here are some solutions to common issues experienced when implementing role-based access control (RBAC) using the Authorization Core feature set.

Role-based access control is enabled for my API, but the scopes claim is not showing what you say it should

  • Make sure that you aren’t setting accessToken.scope in a rule.
  • Remember that any configured authorization rules run after the RBAC-based authorization decisions are made, so they may override the default behavior.