Hello Auth0 Community,
I’m a newbie when it comes to Auth0, so I’m posting this topic in the hopes that someone could offer some clarification on accessing Auth0 user roles and permissions. I followed the quick-start guide for a regular Django application, which uses open-id as its default protocol (and successfully logged in). At this point, after some research, I set up a machine-to-machine application and added some sample permissions, attached them to a role, and assigned that role to my own user account (the attached API has RBAC enabled + permissions added to access_token); however, I’m confused on the following:
- Do I need to connect to the Auth0 management API from the Django server in order to pull the user’s roles and permissions? Or…
- Is there a simpler and more direct way to access user permissions upon login to the regular Django application? Perhaps by attaching a user’s permissions to the session object?
Ideally, I’d like a user’s permissions sent with their authenticated session, as it seems more straightforward and requires less overhead. Sorry if this is a basic question. I’ve seen multiple solutions: some use rules, some ping the management API, and some add this information to the id_token. I’m at a bit of a loss as to which/how to implement.