How to "Protect a route based on specific claims" for "Standard Web Application" (NodeJS/Express) and

Hi there

I’m following the Express Quickstart and the Auth0 Express Pug tutorial to protect a standard web application. Login / logout works fine.

But now, I need to protect the application further, so that only users with a certain role can access certain routes. I found an example page with some brief info, but checking claims has failed miserably so far. When I examine the user info in req.oidc.user, I cannot see any role info, despite the fact that I created a role and assigned it to the user in the Auth0 dashboard.

I did search for this extensively, but have not yet found a good NodeJS/Express example. Instead I’ve seen lots of discussions about “Authorization Core” (which I’m using AFAICT) vs. “Authorization Extension”, APIs and C# :rofl:
In any case, while the standard authentication was actually super simple, the authorization seems to be a lot harder than one would expect. Can someone point me to the pieces I’m missing, a working example, tutorial, documentation? Thanks!

Happy holidays!
Will

Ok, either my question is super stupid and I’m simply missing the obvious, or this standard use case is too complex for Auth0? In any case I guess I’ll have to solve this myself – without Auth0. :disappointed_relieved:
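
A fail-closed role check over `req.oidc.user` for the situation described in the posts above, as an added example that is not part of the thread or Auth0's own code. It assumes the user's roles have been placed in the ID token as an array under a custom claim; the claim name `https://example.test/roles` and the helpers `roleDecision`, `requireRole` and `fakeOidc` are hypothetical.

```javascript
// Added example; all names here are hypothetical, not from the thread or Auth0.
const ROLES_CLAIM = 'https://example.test/roles'; // assumed custom claim name

// Decide 200 / 401 / 403 from the req.oidc context and the required role.
function roleDecision(oidc, role, claim = ROLES_CLAIM) {
  if (!oidc || typeof oidc.isAuthenticated !== 'function' || !oidc.isAuthenticated()) {
    return 401; // no login session at all
  }
  const roles = oidc.user ? oidc.user[claim] : undefined;
  // A missing claim (the symptom in the post) or a non-array value denies.
  // Requiring an array also avoids String.prototype.includes substring
  // matches, e.g. "administrator".includes("admin") === true.
  if (!Array.isArray(roles)) return 403;
  return roles.includes(role) ? 200 : 403;
}

// Express-style middleware: app.get('/admin', requireRole('admin'), handler)
function requireRole(role, claim = ROLES_CLAIM) {
  return (req, res, next) => {
    const status = roleDecision(req.oidc, role, claim);
    if (status === 200) return next();
    res.status(status).send(status === 401 ? 'Login required' : 'Forbidden');
  };
}

// Constructed stand-in for the req.oidc object, so the check runs offline.
function fakeOidc(user) {
  return { isAuthenticated: () => user !== null, user: user || undefined };
}

// Constructed sample users (not real token contents).
const SAMPLE_USERS = {
  admin: { sub: 'auth0|constructed-1', [ROLES_CLAIM]: ['admin', 'editor'] },
  editor: { sub: 'auth0|constructed-2', [ROLES_CLAIM]: ['editor'] },
  noClaim: { sub: 'auth0|constructed-3' }, // logged in, no role info in token
  stringClaim: { sub: 'auth0|constructed-4', [ROLES_CLAIM]: 'administrator' },
};
```
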