I want to use Auth0 for Access Control to authenticate users and control user permission in my client side javascript application. I also need to connect to a web-based hosting service for version control (Gitlab, BitBucket) from the client side app. I need some users to have only read access to this 3rd party API and other users to have write access.
I can setup an implicit grant workflow in Gitlab to grant either read(1) or write access(2) for an application. But since I need different users of my application to have different permissions I need the Access Control provided by Auth0.
My question is, Would it be safe to create an implicit grant workflow with Auth0 to authenticate users and based on their scope(permissions) either start the read implicit grant process(1) or write implicit grant process(2) to access the Gitlab API ?