I have a front-end web client which is split into different sections. Some sections are available to admins, some to senior managers, etc.
I also have data which is visible to supervisors but redacted for more junior staff.
I have set up two APIs: one which gives access rights to the various sections, the other which gives viewing rights to certain types of data.
I then create roles such as administrator which have a number of these rights (both access and data) assigned to them.
I imagined that I would then have a user log in and have details of what claims they have to access the front end and the data in a JWT, which would be signed so it could be verified by the relevant APIs.
However, I don’t think my understanding is correct. How should I be using Auth0 in this paradigm?
I appreciate this is a long-winded question, but roles seem to be a bolt-on to the product, and I am not sure of the best way to proceed.
Thank you for any assistance.
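The pattern the post sketches, as an added example that is not part of the post and not Auth0's own code: a role is flattened into its access and data rights, those rights travel in a signed JWT, and each API verifies the token itself before gating a section or redacting a field. The role names, the `permissions` claim name, the `section:*`/`data:*` right strings and the HS256 shared secret are all assumptions made to keep the example offline.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret. Assumption: HS256 with a shared secret keeps the example
# offline; an Auth0 tenant would normally sign with RS256 and publish keys via JWKS.
SECRET = b"demo-shared-secret"

# Role -> rights table (names are assumptions), mirroring the post's two kinds of
# right: "section:*" for front-end access and "data:*" for viewing redacted fields.
ROLES = {
    "administrator": {"section:admin", "section:reports", "data:salary"},
    "senior_manager": {"section:reports", "data:salary"},
    "junior": {"section:reports"},
}

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(sub: str, role: str) -> str:
    """Flatten the role into its rights and put them in a signed JWT (hypothetical 'permissions' claim)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "exp": int(time.time()) + 3600, "permissions": sorted(ROLES[role])}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(payload).encode())}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_token(token: str) -> dict:
    """Each API checks signature and expiry itself; it never trusts the front end's idea of the user's rights."""
    h, p, s = token.split(".")
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # refuse alg confusion such as "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p))
    if payload["exp"] < time.time():
        raise ValueError("expired")
    return payload

def can_access_section(token: str, section: str) -> bool:
    return f"section:{section}" in verify_token(token)["permissions"]

def employee_record(token: str, record: dict) -> dict:
    """Data API: same record for everyone, but salary is redacted without the data:salary right."""
    out = dict(record)
    if "data:salary" not in verify_token(token)["permissions"]:
        out["salary"] = "REDACTED"
    return out
```

Because the rights are inside the signed token, the front end can use them to decide which sections to render, but the two APIs still re-verify the signature on every call, so a client that edits its own claims gains nothing.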