Help to set up authentication and authorization for SPA

Hey there.

I’m in the process of securing a Web API for a project that will deliver data to a SPA front end, but I’m having some issues actually securing it.

I know how to configure the SPA to be able to receive a token so that it can contact the API, but the API uses policies to filter what requests a user can make.

I know I can manually add users and give them rights, but in this case there could be several thousand users, and I obviously can’t add every single one.
99% of the users will only need read access, but some will also require write permissions.
The 1% that need elevated rights will be using a specific email domain.

I need a way to automatically give every user that signs up read permission, while users with @example.com domain need read and write permission.

Unfortunately, I have no idea how to do this. Please help.

Hi @Vegvisir,

Welcome to the Community!

If I understand your case correctly, this should be possible using Roles and RBAC and rules. You can create 2 roles, ‘user’ and ‘admin’ for example. In a rule, you can add the ‘user’ role to all users on first login, and add ‘admin’ to all users with @example.com email domain.

Here is an example rule for adding the role:

Here is an example domain whitelisting rule:

Let me know if you need help piecing it together,
Dan
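The approach Dan outlines, as an added example that is not one of the rules from the original post: a function that derives the role list from the Auth0 user profile, wrapped in a rule of the usual `(user, context, callback)` shape that puts the roles on the token as a namespaced custom claim. The claim namespace `https://example.com/roles`, the role names and the requirement that the address be verified are assumptions.

```javascript
// Role decision for the read/write split described above (added example,
// not the rules linked in the original reply). Namespace and role names
// are assumptions; an Auth0 custom claim must be a namespaced URL.
const ROLE_CLAIM = 'https://example.com/roles';
const ELEVATED_DOMAIN = 'example.com';

// Returns the roles a user should carry. Every user gets 'user' (read);
// 'admin' (read and write) is granted only when the email is verified and
// its domain matches exactly.
function rolesFor(user) {
  const roles = ['user'];
  const email = typeof user.email === 'string' ? user.email.trim().toLowerCase() : '';
  const at = email.lastIndexOf('@');
  // Compare the part after the last '@' exactly: a substring or suffix test
  // would also accept look-alike domains such as 'notexample.com'.
  const domain = at >= 0 ? email.slice(at + 1) : '';
  // email_verified guards against an unverified self-asserted address being
  // enough to obtain write access.
  if (domain === ELEVATED_DOMAIN && user.email_verified === true) {
    roles.push('admin');
  }
  return roles;
}

// Auth0 rule shape: (user, context, callback). The roles are written to the
// access token (what the API checks) and the ID token (what the SPA reads).
function addRolesRule(user, context, callback) {
  const roles = rolesFor(user);
  context.accessToken[ROLE_CLAIM] = roles;
  context.idToken[ROLE_CLAIM] = roles;
  return callback(null, user, context);
}
```

In an actual rule the whole thing is one function body; the helper is split out here so it can be tested on its own. The API's policies then authorize on the `https://example.com/roles` claim rather than on per-user entries.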
