Hi,
Have been searching and browsing the forums, docs and Google but can’t find any documentation or guide about how to do this.
Simply put, I have authentication working in my Laravel 8 App which is great. Now, I’d like to check via a middleware on a route, if the user has the role required.
I can see how I can do that via the API Authentication by including the roles in the token, but I’m trying to protect a web route, not an API route. It’s the standard cookie based session auth.
Does anyone have any ideas? Thanks
So far I’ve been able to get something working using Rules:
    function (user, context, callback) {
        // Custom claims must be namespaced
        const namespace = 'https://mirai/';
        // Copy the user's metadata and assigned roles into the ID token
        context.idToken[namespace + 'user_metadata'] = user.user_metadata;
        context.idToken[namespace + 'roles'] = context.authorization.roles;
        callback(null, user, context);
    }
This means within my Laravel App I can do:
    App::make('auth0')->getUser()
This then shows the roles entry within the profile section, and the roles are listed within that.
Is there any better way?
Of note, the ‘accessToken’ within the ‘getUser()’ data is null - even though I have the Auth0 Laravel PHP options set to persist it? Shouldn’t the roles and permissions be encoded in that Access Token? If I could get it, maybe all this would be easier.
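
A route middleware that consumes the roles claim set by the Rule above, as an added example that is not part of the original posts or of the Auth0 SDK. The class name `RequireRole`, the `role` alias, the `/login` path and the role name `admin` are hypothetical, and it assumes `getUser()` returns null without a session and otherwise an array with the ID token claims under `profile`, as the post describes.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\App;

// Added example: hypothetical middleware, not part of the Auth0 Laravel SDK.
class RequireRole
{
    // Must match the namespace + 'roles' key written by the Rule.
    private const ROLES_CLAIM = 'https://mirai/roles';

    public function handle(Request $request, Closure $next, string ...$required)
    {
        // Assumption: null when not logged in, otherwise ['profile' => [...claims...], ...].
        $user = App::make('auth0')->getUser();
        if ($user === null) {
            return redirect()->guest('/login'); // assumed login route
        }

        // Missing or malformed claim means "no roles": deny by default.
        $roles = $user['profile'][self::ROLES_CLAIM] ?? [];
        $roles = is_array($roles) ? array_filter($roles, 'is_string') : [];

        // A route that lists no role is a configuration mistake, so it is denied too.
        if ($required === [] || array_intersect($required, $roles) === []) {
            abort(403);
        }

        // The roles are those issued in the ID token at login; a role removed in
        // Auth0 stays in the session until the user logs in again.
        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware:
//     'role' => \App\Http\Middleware\RequireRole::class,
// routes/web.php (any one of the listed roles grants access):
//     Route::view('/admin', 'admin')->middleware('role:admin');
```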