Ensuring Authorization Core is activated?

Hi, fairly basic question this. The Auth0 docs talk a lot Authorization Core vs Authorization Extension. However, they don’t seem to talk about how to switch between the two approaches. For example, which one is enabled by default in an auth0 tenant? And, if it is Authorization Extension, how do you enable Core instead?

Hey there Declan!

Have you had a chance to check out this comparison between the two?

Authorization Extension is to be deprecated (that’s one of the core things you should have in mind).

None of these are “enabled” by default. In order to configure them here are the instructions:

  • Authorization Core
  • Authorization Extension Configuration

tl;dr - If you haven’t installed the Authorization Extension then the Authorization Core approach is what is available to you by default. (Correct?)

Thanks for the quick reply @konrad.sopala. That’s very useful. I had read the first two guides - but neither of them specifies what is the default in the Auth0 platform, which is confusing for someone new to auth0 (AFAIK this isn’t specified in those two guides; maybe I missed something).

It was a little bit like - here are your 2 options but without saying how to pick one or the other :grinning: (I totally understand that it is hard for docs perfectly to keep up with new features). The third doc is buried away in the “Extensions” node of the documentation, so I suspect someone new to Auth0 docs wouldn’t naturally find it.

Is it not correct to say that Core Authorization is what is available (maybe “enabled” is the wrong word) by default? ie. If I create some Roles and Permissions - functionality that is immediately available in the Auth0 UI - then I can attach them to my users. Granted - you have to understand APIs first and creating permissions there.

But, basically, by following the normal path one is following the “Core Authorization” way. If, for some reason, one needs to use the Authorization Extension, then they need to go out of their way and install the Authorization Extension and start doing things are off the normal path. Correct?

I hope I am not coming across as snarky. I just want to be sure I have this correct and maybe, by explaining my confusion, it might surface a way to improve the docs. Worst case, it should help anyone else who falls into the same incorrect thinking as me :grinning:

Many thanks,

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.