I found some resources that describe adding Roles and Permissions using Auth0 actions and customizing the scope of jwtAuthz, which I wonder if I can use as a solution to secure an API endpoint, but I haven’t had a chance to test this yet. I came across this stuff when attempting to figure out how to get an API access token with roles/permissions for a user with an Auth0 Regular Web Application.
Hi everyone.
I have the following piece of code in an Action that is triggered during post-login:
exports.onExecutePostLogin = async (event, api) => {
  var map = require('array-map');
  var ManagementClient = require('auth0').ManagementClient;
  var management = new ManagementClient({
    domain: event.secrets.domain,
    clientId: event.secrets.clientId,
    clientSecret: event.secrets.clientSecret
  });
  var params = { id: event.user.user_id, page: 0, per_page: 50, include_totals: …
I have been following the steps described in this tutorial: API and SPA Configuration (SPAs + API)
At some point, I have configured an API, created roles, attached permissions and created a test user.
My access token now contains something like this:
{
  "iss": "my-tenant",
  "sub": "...",
  "aud": [
    "my-audience"
  ],
  "iat": 1568059650,
  "exp": 1568146050,
  "scope": "openid email profile",
  "gty": "password",
  "permissions": [
    "read:something",
    "write:something"
  ]
}
I w…
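An authorization check over a payload shaped like the token in the post above, as an added example that is not part of any post in this thread. It assumes the token's signature, issuer and expiry were already verified upstream; `claimToSet`, `authorize` and `demo` are hypothetical names, and the sample payload is constructed.

```javascript
// Added example: authorization decision over an already-verified token payload.
// Signature, issuer and expiry validation is assumed to have happened upstream.

// Normalise a claim that may be an array (RBAC "permissions") or a
// space-delimited string (OAuth2 "scope") into a Set of strings.
function claimToSet(value) {
  if (Array.isArray(value)) return new Set(value.filter((v) => typeof v === 'string'));
  if (typeof value === 'string') return new Set(value.split(' ').filter(Boolean));
  return new Set();
}

// Hypothetical helper: returns { allowed, status, missing } for a payload.
function authorize(payload, { audience, required, claim = 'permissions' }) {
  if (!payload || typeof payload !== 'object') {
    return { allowed: false, status: 401, missing: required };
  }
  // "aud" can be a string or an array; this API's identifier must be present.
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(audience)) {
    return { allowed: false, status: 401, missing: required };
  }
  const granted = claimToSet(payload[claim]);
  const missing = required.filter((p) => !granted.has(p));
  return missing.length === 0
    ? { allowed: true, status: 200, missing: [] }
    : { allowed: false, status: 403, missing };
}

// Constructed sample payload, shaped like the token shown in the post.
const samplePayload = {
  iss: 'my-tenant',
  aud: ['my-audience'],
  scope: 'openid email profile',
  permissions: ['read:something', 'write:something'],
};

function demo() {
  const opts = { audience: 'my-audience', required: ['read:something'] };
  return {
    viaPermissions: authorize(samplePayload, opts),
    viaScope: authorize(samplePayload, { ...opts, claim: 'scope' }),
    wrongAudience: authorize(samplePayload, { ...opts, audience: 'other-api' }),
    needsDelete: authorize(samplePayload, { ...opts, required: ['delete:something'] }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The `viaScope` result is denied because the `scope` claim in this token holds only `openid email profile`; the RBAC permissions live in the separate `permissions` array, which is why a scope-based check needs to be pointed at that claim.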
Hey there!
Yep, we don’t have anything specific for Ruby on Rails, but have you checked our general step by step docs on enabling RBAC?
Hi @milotis,
Thanks for reaching out to the Auth0 Community!
Yes, please see this FAQ on how to accomplish RBAC for your application.
Please let me know if you have any questions.
Thank you.