Connection based roles for multiple applications

dstringers · February 12, 2021, 2:26am

Hi there. I am trying to configure multiple different applications to use one database, and for each user, be able to set access to the applications). I am trying to understand the finer points of the Auth0 interface, and I have come up with an idea for how I can implement this, but I wanted to see if anyone could give some feedback.

Give each user in the application one or more roles (which corresponds to the applications they have access to) in the user metadata.
Create a Rule which checks the users role upon authentication.
Somehow apply one rule for each application.

Is it possible to apply a rule to a single application, or do I need to use a global rule to check the application that the request is coming from (via the context variable?)

Thanks!

stephanie.chamblee · February 16, 2021, 10:14pm

Hi @dstringers,

Welcome to the Community!

I think this approach makes sense!

Unfortunately, rules cannot be applied to individual applications, so you will need to add a check on the context object’s context.clientName property like so:

function ruleForSpecificApp(user, context, callback) {
  // only run rule for NameOfTheApp
  // bypass this rule for all other apps
  if(context.clientName !== 'NameOfTheApp'){
    return callback(null, user, context);
  }
 
  // add rule logic here

  return callback(null, user, context);
}

Here is an FAQ for applying default roles which may be helpful for your implementation:

How do I add a default role to a new user on first login? - #2