I’m developing a quiz app which requires authorization for only-subscribed members can see.
How to do that? I’m thinking of putting metadata (is_subscribed) to true for subscribed member and give the scope so he/she can gain permissions.
But, I don’t know how to do it. Please help
You can use the management API to update your user’s app_metadata
with is_subscribed
.
You then need a rule that will check for this flag and grant the appropriate scopes. Here’s a quick, untested example:
const subscriberScopes = ['write:profile', 'read:profile'', ...];
if(user.app_metadata && user.app_metadata.is_subscribed) {
context.accessToken.scope = subscriberScopes.join();
}