Create same 'roles' in different applications

Hi,

I am new to Auth0. I have created a testing account in Auth0.

I created two single-page applications, i.e. ‘ProjectDevelopment’ and ‘ProjectProduction’, and two APIs, i.e. https://project-dev.io and https://project-production.io, and enabled ‘RBAC’.

Everything works for me in the development application. My application flow is as follows:

  1. Disable signup because it is an invite-only application (done by referring to https://auth0.com/docs/design/creating-invite-only-applications)
  2. Create roles by calling the Auth0 API
  3. Add permission to Role
  4. Create user and assign role to user

In production I am trying to do the same, but when I try to create a ‘role’, the create role API throws an error, i.e.

    "error": "{"statusCode":409,"error":"Conflict","message":"The role already exists."}",

I cannot create the same ‘role’ in two different applications. I also tried using a different database for the two apps, but it again says my role already exists in my development application.

I would like to know two things

  1. How to create the same role in two different applications?
  2. Is there any restriction to create the same user in different applications?

code I am using for creating the role

Generate token

 auth0Domain = dev-test.auth0.com

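    const { AuthenticationClient } = require('auth0');

    // `config` and `debug` are the application's own configuration object and logger.
    // Request a Management API access token with the client credentials grant.
    function getManagementToken() {
      const auth0 = new AuthenticationClient({
        domain: config.api.auth0Domain,
        clientId: config.api.auth0ClientId,
        clientSecret: config.api.auth0ClientSecret,
      });
      return new Promise((resolve, reject) => {
        auth0.clientCredentialsGrant(
          {
            audience: `https://${config.api.auth0Domain}/api/v2/`,
          },
          (err, response) => {
            if (err) {
              // Handle error.
              debug(`auth0 created error ${err}`);
              reject(err);
            } else {
              // debug(`auth0 token generated`, response.access_token);
              resolve(response.access_token);
            }
          }
        );
      });
    }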

Create Role

    const { ManagementClient } = require('auth0');

    // Create a role using a Management API access token.
    function createRole(accessToken, data) {
      const management = new ManagementClient({
        token: accessToken,
        domain: config.api.auth0Domain,
      });
      return management
        .createRole(data)
        .then((roleRes) => {
          debug(`auth0 createRole success ${JSON.stringify(roleRes)}`);
          return roleRes;
        })
        .catch((err) => {
          // Handle error.
          debug(`auth0 createRole error ${err}`);
          throw err;
        });
    }

Hi @dibeesh,

Typically you will set up your prod and dev environments in separate tenants. This will guarantee isolation between the two and would solve this issue.

To do this you will want to name your roles specific to the application. For instance, you may have a Marketing Admin role and an Accounting Admin role. This doc may give some insight, but it doesn’t mention this solution explicitly:

Users aren’t application specific, they are connection specific. This would likely be addressed if you set up separate tenants like mentioned in the doc above.

Let me know if you have further questions.

Thanks,
Dan
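
Added example, not part of either post and not Auth0's own code: if both applications stay in one tenant, the application-specific role naming suggested in the reply can be provisioned idempotently by treating the 409 as "role already present" and reusing that role. `FakeTenant`, `scopedRoleName`, `ensureRole` and the `app:role` prefix are hypothetical; `createRole`, `getRoles` with `name_filter`, and `err.statusCode` are assumed to behave as in the `ManagementClient` used in the question.

```javascript
// FakeTenant is a constructed in-memory stand-in for ONE Auth0 tenant. It copies
// only the behaviour seen in the thread: role names are unique per tenant, and a
// duplicate createRole fails with statusCode 409.
class FakeTenant {
  constructor() { this.roles = []; }
  async getRoles({ name_filter }) {
    const wanted = name_filter.toLowerCase();
    return this.roles.filter((r) => r.name.toLowerCase().includes(wanted));
  }
  async createRole({ name, description }) {
    if (this.roles.some((r) => r.name === name)) {
      throw Object.assign(new Error('The role already exists.'), { statusCode: 409 });
    }
    const role = { id: `rol_${this.roles.length + 1}`, name, description };
    this.roles.push(role);
    return role;
  }
}

// Hypothetical naming convention: prefix the role with the application name.
function scopedRoleName(app, role) {
  return `${app}:${role}`;
}

// Create the role if it is missing, otherwise return the existing one.
// `management` is any object exposing createRole/getRoles (assumption: same
// shape as the ManagementClient in the question).
async function ensureRole(management, app, role) {
  const name = scopedRoleName(app, role);
  try {
    const created = await management.createRole({ name, description: `${role} for ${app}` });
    return { created: true, role: created };
  } catch (err) {
    if (err.statusCode !== 409) throw err; // only a conflict means "already there"
    const matches = await management.getRoles({ name_filter: name });
    const existing = matches.find((r) => r.name === name); // accept exact match only
    if (!existing) throw err;
    return { created: false, role: existing };
  }
}

async function demo() {
  const tenant = new FakeTenant(); // one tenant shared by both applications
  const dev = await ensureRole(tenant, 'ProjectDevelopment', 'admin');
  const prod = await ensureRole(tenant, 'ProjectProduction', 'admin');
  const again = await ensureRole(tenant, 'ProjectProduction', 'admin'); // re-run
  return { dev, prod, again, total: tenant.roles.length };
}
demo().then((result) => console.log(result));
```

Permissions attached to `ProjectProduction:admin` stay independent of `ProjectDevelopment:admin`, but both roles still live in the same tenant; only separate tenants give the isolation described in the reply.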
