Best practices for second-stage authorization

david36 · April 11, 2023, 3:51pm

We have an application consisting of a NestJS backend and two different NextJS clients. The clients call Auth0 to handle login. I would like to add an additional check which only permits specific users (identified by their email), with the exact users differing for each client.

Is the best practice for doing this to add an action? I have tried doing this within the NextJS clients by writing a custom login function, but have not yet succeeded.

One further question, assuming rules are the right way to do this. Is there any way I can set up the rules so they come from a GitHub repo? I’m uneasy about having part of our codebase in a hidden location.

nathan.jenkins · April 15, 2023, 5:12pm

Hi @david36 , welcome to the Auth0 Community!

Yes, we would recommend taking a look at utilizing Actions for this desired flow. You can find an example here that denies access based on the users email as a post-login action.

If you want to manage these actions by code, you can use the Management API, Action Endpoints
Hope this information helps, thanks!

Topic		Replies	Views
NextJs and api nestJs Help management-api , roles	2	2318	November 24, 2022
NextJs Auth0 SDK seperate sever validation process Help sessions , authentication-sessions	1	466	August 21, 2024
Auth0 + NextJS: Silent authentication during action flow Help auth0 , login , access-token , redirect , actions	4	4497	January 8, 2024
Auth0 and NextJS Server Actions Help nextjs-auth0 , sdks-quickstarts	2	771	July 8, 2024
Proper way to check for roles/permissions on nextjs backend Help apis , application	4	4066	January 5, 2023

Best practices for second-stage authorization

Related Topics