Hello Auth0 Team,
I have implemented a Next.js application using Auth0 for authentication and RBAC. While the basic functionality (login, role-based access) is working, I need guidance on two specific areas:
- Real-time Permission Updates:
  - How to properly update user tokens when roles/permissions change
  - Best approach to refresh permissions without requiring user logout
  - Recommended way to handle permission changes in real-time
- Permission Validation:
  - Current implementation uses token claims for permission checks
  - Need to validate permissions both client-side and server-side
  - Looking for best practices to handle permission checks efficiently
Current Setup:
- Next.js application with @auth0/nextjs-auth0
- RBAC implemented using Auth0 roles and permissions
- APIs secured with Auth0 middleware
Could you please advise on:
- Recommended approach for handling permission updates
- Best practices for token refresh when roles change
- Most efficient way to validate permissions across the application
Thank you for your assistance.
Best regards,
Ahmat