I have an Angular Client as Frontend and a Cloudflare backend API.
I understand that I need to set the Application as Single Page and therefore the bearer authorization in the API request headers is not a JWT token you can validate but an opaque token: you need to call a user profile endpoint where the authorization token can be decoded into readable JSON.
See also my post on the Cloudflare community.
And it’s also my understanding that if I call the user profile endpoint with that bearer I can’t retrieve the roles - unless I set them through a specific rule via metadata, but also in that case they are not read from the roles assigned to the user in the Auth0 User Management but simply written by the rule code with some custom derivation e.g. from the user email, so it is a really different/separate thing.
In conclusion, it seems to me that the only option I have to retrieve the roles from the user id is configuring a Management API ‘api/v2/users/’ + userid + ‘/roles’ with minimal permissions to check it.
Am I correct, or is there a better way to retrieve the roles from the Cloudflare Worker API without any access to the Management API?
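
The lookup described in the post (opaque token, then user profile endpoint, then `api/v2/users/{id}/roles`), sketched as an added example that is not part of the original post and is not Auth0's or Cloudflare's own code. The environment names `AUTH0_DOMAIN`, `M2M_CLIENT_ID` and `M2M_CLIENT_SECRET`, the function names, and the injectable `fetchImpl` are assumptions made for illustration.

```javascript
// Added example. Env names (AUTH0_DOMAIN, M2M_CLIENT_ID, M2M_CLIENT_SECRET)
// and function names are assumptions, not taken from the post.
let mgmtCache = { token: null, expiresAt: 0 }; // reused while the isolate lives

async function managementToken(env, fetchImpl, now) {
  if (mgmtCache.token && now < mgmtCache.expiresAt) return mgmtCache.token;
  const res = await fetchImpl(`https://${env.AUTH0_DOMAIN}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      grant_type: "client_credentials",
      client_id: env.M2M_CLIENT_ID,
      client_secret: env.M2M_CLIENT_SECRET,
      audience: `https://${env.AUTH0_DOMAIN}/api/v2/`,
    }),
  });
  if (!res.ok) return null;
  const { access_token, expires_in } = await res.json();
  // Refresh one minute early so a nearly expired token is never sent.
  mgmtCache = { token: access_token, expiresAt: now + (expires_in - 60) * 1000 };
  return access_token;
}

async function rolesForBearer(bearer, env, fetchImpl = fetch, now = Date.now()) {
  const base = `https://${env.AUTH0_DOMAIN}`;
  // 1. Auth0 validates the opaque token; anything but 2xx is treated as unauthenticated.
  const profile = await fetchImpl(`${base}/userinfo`, {
    headers: { Authorization: `Bearer ${bearer}` },
  });
  if (!profile.ok) return { status: 401, roles: [] };
  const { sub } = await profile.json();
  if (typeof sub !== "string" || sub === "") return { status: 401, roles: [] };
  // 2. The Worker's own machine-to-machine token; never the caller's.
  const token = await managementToken(env, fetchImpl, now);
  if (!token) return { status: 502, roles: [] };
  // 3. Role lookup. Encode the id: values such as "auth0|abc" contain "|".
  const res = await fetchImpl(`${base}/api/v2/users/${encodeURIComponent(sub)}/roles`, {
    headers: { Authorization: `Bearer ${token}` },
  });
  // Fail closed: an upstream error yields no roles rather than a default set.
  if (!res.ok) return { status: 502, roles: [] };
  return { status: 200, roles: (await res.json()).map((r) => r.name) };
}
```

The client secret belongs in a Worker secret binding rather than in source, and the cached Management API token keeps the Worker from requesting a new one on every call.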