Hi there
I’m following the Express Quickstart and the Auth0 Express Pug tutorial to protect a standard web application. Login / logout works fine.
But now, I need to protect the application further, so that only users with a certain role can access certain routes. I found an example page with some brief info, but checking claims has failed miserably so far. When I examine the user info in req.oidc.user, I cannot see any role info, despite the fact that I created a role and assigned it to the user in the Auth0 dashboard.
I did search for this extensively, but have not yet found a good NodeJS/Express example. Instead I’ve seen lots of discussions about “Authorization Core” (which I’m using AFAICT) vs. “Authorization Extension”, APIs and C#.
In any case, while the standard authentication was actually super simple, the authorization seems to be a lot harder than one would expect. Can someone point me to the pieces I’m missing, a working example, tutorial, documentation? Thanks!
Happy holidays!
Will