How to give roles and permissions to users in a Python WebApp

xmjoodi · June 22, 2021, 1:28pm

I’m developing a simple python web app that has two roles.
Let’s call them Role (A,B).
A permissions: [1,2,3]
B permissions: [4,5,6]

I want to be able to assign users a default role (A).
I want to be able to differentiate between the users that have signed.

In order to solve problem one, I assumed that any user that have signed into my web app by default is given a a default Role (A) by hitting the API management (expensive). In order to be of role B, you need to send a ticket for being of Role B (which is not what I really intend).

In order to solve problem two, I just use JWT to check permission. If permission (1) is there in JWT then I know user is of role (A) else user is of role (B).
However, in order to obtain JWT I ended up saving the “access token” in the session, which is terrible.

I wonder if there’s a way to give default roles to users and be able to differentiate between them that’s easy and secure.

Thanks in advance.

stephanie.chamblee · June 22, 2021, 3:25pm

Hi @xmjoodi,

Here is an FAQ for adding a default role to the user:

Please let me know if you have additional questions about this.

You can store the roles in a custom claim:
https://auth0.com/docs/scopes/sample-use-cases-scopes-and-claims#add-custom-claims-to-a-token

You’d then access the custom claim in the /userinfo request as described in the quickstart:
https://auth0.com/docs/quickstart/webapp/python/01-login#add-the-callback-handler

xmjoodi · June 23, 2021, 11:45pm

Thank you @stephanie.chamblee that was really helpful.

Have a lovely day
Keep Authing

system · July 8, 2021, 11:45pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.