I want to use the lambda feature of FusionAuth to populate the JWT depending on which app the user logs into, because the same user can log into different apps and have several roles or groups in each. I don't want the JWT to be populated with every role, a role being an action that the user can perform in the app (following the NIST RBAC model, these will be permissions like 'read:attentions' or 'delete:tests'), because there could be dozens of them (size reasons). Instead, I want the JWT to be populated with the groups the user has in that specific app. I tried assigning an empty array to the roles property, but did not succeed. I know that the tool by default doesn't allow you to change the roles property, but is there a way to delete it?

    function populate(jwt, user, registration) {
      jwt.group = registration.data.group;
      jwt.roles = [];
    }

Anyway, the token keeps having the roles. How can I remove them?

    {
      "aud": "xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx",
      "exp": xxxxxxx,
      "iat": xxxxxxx,
      "iss": "acme.com",
      "sub": "xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx",
      "authenticationType": "PASSWORD",
      "email": "xxxxxxx@mail.com",
      "email_verified": true,
      "applicationId": "xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx",
      "roles": [
        "read:attentions",
        "write:attentions"
      ],
      "group": "financer"
    }