Flow for fetching a user's role and permissions

I’m trying to implement Auth0 in my React app. My React app requires the user’s role and permissions to block access to certain routes. It looks like there is no way to do it using @auth0/auth0-react, so I’m assuming I have to go through the Management API, which is supposed to be used on the backend.

Is this the right flow?

  1. On the front end, log in through Auth0. Get an access token back
  2. Make a GET /api/permissions request to my backend API to fetch the user’s permissions, attaching the access token as the Authorization header
  3. My backend API will get the current user ID using the access token and make a request to Auth0’s Management API to fetch the role and permissions and return them to the front end
  4. The front end uses the returned role and permissions to allow/block access to certain routes

Hello @bigpotato, welcome to the community!

Sorry for the delayed response, but wanted to follow up on this one.

This sounds like a perfect use case for Role Based Access Control (RBAC). You can “automatically” add these to a user’s access token with this setting on your API configuration.

You can add roles to a user’s ID token (for front end consumption) using an Action. Depending on your app’s particular needs, typically you should be able to rely on Roles to make front-end decisions, as the permissions claim will exist in the access token, which is consumed by your API.

Hope this helps!

1 Like
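
The approach described in the reply above, as an added example that is not part of the original thread and not Auth0's own code: a post-login Action that copies roles into the ID token, a front-end role check for route gating, and the API-side permission check that does the actual enforcement. The namespace URL, the claim name `roles`, and the helper names `hasRole` and `hasPermission` are assumptions.

```javascript
// ASSUMPTION: placeholder namespace for the custom claim; use a URL you control.
const NAMESPACE = "https://example.com/claims";

// 1) Auth0 post-login Action: put the user's assigned roles in the ID token
//    so the React app can read them without calling the Management API.
const onExecutePostLogin = async (event, api) => {
  const roles = (event.authorization && event.authorization.roles) || [];
  api.idToken.setCustomClaim(`${NAMESPACE}/roles`, roles);
};
// Actions load the handler from `exports`; the guard lets this file also run as an ES module.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;

// 2) Front end: decide whether to show a route from the ID token claims
//    (for example the `user` object returned by useAuth0()).
//    This is a UX decision only; client code can be modified by the user.
function hasRole(claims, role) {
  const roles = claims && claims[`${NAMESPACE}/roles`];
  return Array.isArray(roles) && roles.includes(role);
}

// 3) Back end: enforce access from the access token's `permissions` claim,
//    which is present when RBAC and "Add Permissions in the Access Token"
//    are enabled on the API. `verifiedPayload` must come from a token whose
//    signature, issuer, audience and expiry have already been validated.
function hasPermission(verifiedPayload, required) {
  const perms = verifiedPayload && verifiedPayload.permissions;
  // Array check: a bare string would otherwise match by substring.
  return Array.isArray(perms) && perms.includes(required);
}

// Constructed sample data (not real tokens) to show the three pieces together.
function demo() {
  const idTokenClaims = {};
  const fakeApi = { idToken: { setCustomClaim: (k, v) => { idTokenClaims[k] = v; } } };
  onExecutePostLogin({ authorization: { roles: ["admin"] } }, fakeApi);
  const accessTokenPayload = { sub: "auth0|constructed", permissions: ["read:reports"] };
  return {
    showAdminRoute: hasRole(idTokenClaims, "admin"),
    apiAllowsRead: hasPermission(accessTokenPayload, "read:reports"),
    apiAllowsDelete: hasPermission(accessTokenPayload, "delete:reports"),
  };
}
```

With this in place the `/api/permissions` round trip and the Management API call from the question are not needed for route gating, and every protected API endpoint still checks `permissions` itself.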
