I like the tutorial video on how to use authentication with protected routes - React Protected Routes and Calling Secure APIs with Auth0 - YouTube . Is there a followup on using Authorization with RBAC? It would be great if the example is a build up of authentication example.
Those docs look like the best resources specifically for React implementations. The general RBAC docs are a great resource too, but they wont be specific to React.
The RBAC config docs are helpful if you haven’t been through that step yet.
I will pass the feedback on to the team who runs the blog. Thanks for giving your input! Can you provide more information about what makes the existing blog post unclear?
Hi @dan.woda,
Thanks for responding. The confusion is that I am able to get the Authentication part working based on auth0-react-samples/index.js at master · auth0-samples/auth0-react-samples · GitHub which does have a onRedirectCallback function. I also have a working ProtectedRoute or PrivateRoute to selectively provide access based on login.
Assume that we have a Role property set for the user - admin, owner and guest role set up for the user. How can I get that property (I am thinking as a part of onRedirectCallback function)? The profile page will indicate what role the user has.
Now, following react-rbac/index.js at master · auth0-blog/react-rbac · GitHub there is an explicit Callback. Is this different from onRedirectCallback or how can I incorporate the functionality?
Additionally, I see that user groups functionality which was part of extensions (now deprecated) does not exist currently. How can I use that functionality?
The issue here is that the blog post is using an older SDK and the React sample app is using a newer SDK. They function differently in terms of syntax, as well as under the hood with which auth flows they use. They are both valid, but different.
Unfortunately, there is no updated blog post that shows an implementation of RBAC with the newer SDK.
If you simply want to get the roles in your app you can add them to the token like this:
@dan.woda,
Thanks for the guidance. Will try the suggested solution. It would be great if you could mark the blog posts with the API version - hopefully, someone else can save time to make this work.
Thanks