I spent some time reading the doc about the new Authorization Core feature, but I could not find an answer to my question: can I use Authorization Core for applications?
With the Extension I can define some permissions tied to an app, put them in a role, and assign this role to a user. Whenever the user logs in (I’m using Authorization Code flow), my app will receive a token containing those permissions (if I configured a rule to insert them) or I can fetch them from the user profile.
Now with Core, my understanding is that a user requests a token for an API, and the resulting token will have the permissions. Can I use Core to set permissions/roles for a user, and then access them from my application? Does it even make sense since my application is, by definition, an application and not an API?
And if it’s not possible, what is the standard way to manage permissions for an application? (I guess that since Core is meant to replace Extension entirely, it must be possible to do that?)
Also, what does the “Enable RBAC” button on an API do?
Apologies for the imprecision, it has been a long time since I implemented Auth0 on my projects…