Troubleshoot Role-Based Access Control and Authorization

On this page

Role-based access control is enabled for my API, but the scopes claim is not showing what you say it should

Here are some solutions to common issues experienced when implementing role-based access control (RBAC) using the Authorization Core feature set.

Role-based access control is enabled for my API, but the scopes claim is not showing what you say it should

Make sure that you aren’t setting accessToken.scope in a rule.
Remember that any configured authorization rules run after the RBAC-based authorization decisions are made, so they may override the default behavior.

Check User Profiles

Troubleshoot Multi-Factor Authentication Issues