Greetings community, I have many doubts about how to work the Role-Based Access Control approach in SPA applications, I have the following scenario: implement authentication to my SPA as is the quick start of oauth2, investigate that for roles I must use this extension “Auth0 Authorization” but my question is how by adding roles and permissions I can read this in my SPA to save that user state.
Thanks for the help
Hi @Limpi23,
Welcome to the Auth0 Community!
I understand you have some questions regarding Role-Base Access Control (RBAC). I’d be happy to help.
First, I’d like to inform you that the Auth0 Authorization Extension will eventually be deprecated. Given that, I strongly recommend you use the Authorization Core to implement RBAC.
Using the Authorization Core will improve scalability and performance.
To do so, please take a look at our Authorization Core documentation.
Then in the authentication flow, you can pass the user’s permission in the scope parameter to allow them to gain access to a specific resource.
And optionally, you can get the permissions and roles from your users using the get user permissions endpoint and get user roles endpoint respectively.
Please let me know if you have any questions or need further clarification. I’d be happy to help.
Thank you.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.