Auth0 Authorisation for a Regular Web Application

Hi everyone,

I’ve spent the past few days trying to wrap my head around Auth0 and its ability to do authentication and authorisation.

I have an existing project which is a Regular Web Application (Application) that I assume uses the System API (API). Anyhow, I need to add authorisation to this existing system.

My thought was to create a custom API since I found a lot of documentation doing it this way. This allows me to enable RBAC and set up permissions and roles. However, after I set this all up, I noticed that I will no longer be using the original Regular Web App which contains all the existing users. By this, I mean how the application originally authenticates.

So my question is, how do I go about enabling authorisation for this existing Regular Web App? Do I keep progressing with the custom API and just create a new API call to get the user’s roles and permissions? Or am I way out of scope?

Thanks everyone 🙂

Hi @josh.piper1505,

Welcome to the Auth0 Community!

I understand that you have some questions related to Authorization.

To help me better understand your use case, could you please clarify whether you would like to prevent certain users’ access to your Regular Web App based on different roles/permissions?

If not, could you please elaborate on your intended workflow using Authorization?


Hi @rueben.tiow,

I want the permissions/roles to be attached to the user on login so then I can do validation of the front-end. For instance, blocking out access to a certain page using the front-end via graying out a button.

So it’s more validation of the routes of the website.

I also have the intention to use the same permissions and roles to restrict access to my backend API calls. But I’m still weighing up the pros and cons considering I may need to set up a proxy since I am using an external API
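
An added example, not part of the thread or Auth0's own code: a server-side check of the permissions discussed above, since a grayed-out button only hides a route and the backend still has to decide. It assumes the access token is an RS256 JWT carrying a `permissions` array claim (what Auth0 issues when RBAC and "Add Permissions in the Access Token" are enabled for the API); the key pair, audience and permission names are constructed for the demo.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pair. A real backend verifies against the tenant's
// published signing key instead of generating one.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const AUDIENCE = 'https://api.example.test'; // constructed API identifier

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Demo helper only: mints a constructed token standing in for one issued at login.
function mintToken(claims, key = privateKey) {
  const input = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key).toString('base64url');
  return `${input}.${sig}`;
}

// Check algorithm, signature, audience and expiry before trusting any claim.
function verifyToken(token, key, audience, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], 'base64url');
  if (!crypto.verify('RSA-SHA256', signed, key, sig)) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  if (![].concat(claims.aud || []).includes(audience)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Returns the HTTP status a route guard would send:
// 401 = token not valid, 403 = valid token but missing a required permission.
function authorize(token, required, opts = {}) {
  const { key = publicKey, audience = AUDIENCE } = opts;
  const now = opts.now ?? Math.floor(Date.now() / 1000);
  let claims;
  try {
    claims = verifyToken(token, key, audience, now);
  } catch {
    return 401;
  }
  const granted = new Set(Array.isArray(claims.permissions) ? claims.permissions : []);
  return required.every((p) => granted.has(p)) ? 200 : 403;
}
```

The front-end can read the same `permissions` list to decide what to gray out, but only the result of `authorize` on the server controls access.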