I’m trying to implement Auth0 in my React app. My React app requires the user’s role and permissions to block access to certain routes. It looks like there is no way to do it using `@auth0/auth0-react`, so I’m assuming I have to go through the Management API, which is supposed to be used on the backend.
Is this the right flow?
- On the front end, log in through Auth0. Get an access token back
- Make a `GET /api/permissions` request to my backend API to fetch the user’s permissions, attaching the access token as the Authorization header
- My backend API will get the current user ID using the access token and make a request to Auth0’s Management API to fetch the role and permissions and return them to the front end
- the front end uses the returned role and permissions to allow/block access to certain routes
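
The backend and front-end steps of the flow described above, as an added example that is not part of the original post. It assumes the access token has already been verified by upstream middleware, that a Management API token is obtained server-side, and that `getUserAuthz`, `mgmtGet`, `canAccess` and the tenant domain are hypothetical names and placeholders.

```javascript
// Added illustration, not Auth0's or the poster's code. Assumptions: the access
// token was verified upstream and its claims are passed in; `mgmtToken` is a
// Management API token held only by the backend; the domain is a placeholder.
const AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"; // placeholder

async function mgmtGet(path, mgmtToken, fetchImpl) {
  const res = await fetchImpl(`https://${AUTH0_DOMAIN}/api/v2${path}`, {
    headers: { Authorization: `Bearer ${mgmtToken}` },
  });
  if (!res.ok) throw new Error(`Management API returned ${res.status}`);
  return res.json();
}

// Body of the backend handler for GET /api/permissions.
async function getUserAuthz(claims, mgmtToken, fetchImpl = fetch) {
  if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
    throw new Error("verified token has no sub claim");
  }
  // User IDs such as "auth0|abc123" contain "|", so encode the path segment.
  const id = encodeURIComponent(claims.sub);
  // First page of each list only; pagination is left out of this example.
  const [roles, permissions] = await Promise.all([
    mgmtGet(`/users/${id}/roles`, mgmtToken, fetchImpl),
    mgmtGet(`/users/${id}/permissions`, mgmtToken, fetchImpl),
  ]);
  // Return only the names the front end needs, never the Management API token.
  return {
    roles: roles.map((r) => r.name),
    permissions: permissions.map((p) => p.permission_name),
  };
}

// Front-end side: decide whether a route may be shown. The backend still has
// to check permissions on every protected API call.
function canAccess(requiredPermissions, authz) {
  return requiredPermissions.every((p) => authz.permissions.includes(p));
}
```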