Auth0 Home Blog Docs

Authorization Series — Pt 2: Securing HTTP APIs with RBAC rules

In this article, you will learn how you can leverage Auth0’s RBAC (Role-Based Access Control) feature to handle end-user authorization in your APIs.

Read on :raised_hands:

Brought to you by @bruno.krebs :man_technologist:t5:

Nice article, thanks! One question though: the application you use to demo the access control https://troubleshoo.now.sh talks to multiple APIs (expense, invoice and vacation). As far as I understand it, this is not something the current SPA SDK (auth0-spa-js) supports, it only accepts a single string for the audience parameter. Would you mind sharing how you accomplished this functionality? And is auth0-spa-js going to get support for dealing with multiple APIs?

Hey there, @fnberta. Sorry for the delay. I didn’t do any magic, I simply rebuild the Auth0 client when the users of the https://troubleshoo.now.sh hit the Save button after changing the configuration. That is, I talk to a single audience.

I will check regarding your last question and post you with updates here.