Implementing Authorization with RBAC ReactJS

I like the tutorial video on how to use authentication with protected routes - https://youtu.be/NuCZgR09csE . Is there a followup on using Authorization with RBAC? It would be great if the example is a build up of authentication example.

The example at https://auth0.com/blog/role-based-access-control-rbac-and-react-apps/ was not clear.

Any other docs that could help me to implement the authorization part?
Thanks

Hi @shivaram,

Welcome to the Community!

Those docs look like the best resources specifically for React implementations. The general RBAC docs are a great resource too, but they wont be specific to React.

The RBAC config docs are helpful if you haven’t been through that step yet.

I will pass the feedback on to the team who runs the blog. Thanks for giving your input! Can you provide more information about what makes the existing blog post unclear?

Hi @dan.woda,
Thanks for responding. The confusion is that I am able to get the Authentication part working based on https://github.com/auth0-samples/auth0-react-samples/blob/master/Sample-01/src/index.js which does have a onRedirectCallback function. I also have a working ProtectedRoute or PrivateRoute to selectively provide access based on login.
Assume that we have a Role property set for the user - admin, owner and guest role set up for the user. How can I get that property (I am thinking as a part of onRedirectCallback function)? The profile page will indicate what role the user has.
Now, following https://github.com/auth0-blog/react-rbac/blob/master/src/index.js there is an explicit Callback. Is this different from onRedirectCallback or how can I incorporate the functionality?

Additionally, I see that user groups functionality which was part of extensions (now deprecated) does not exist currently. How can I use that functionality?

Thanks

The issue here is that the blog post is using an older SDK and the React sample app is using a newer SDK. They function differently in terms of syntax, as well as under the hood with which auth flows they use. They are both valid, but different.

Unfortunately, there is no updated blog post that shows an implementation of RBAC with the newer SDK.

If you simply want to get the roles in your app you can add them to the token like this:

@dan.woda,
Thanks for the guidance. Will try the suggested solution. It would be great if you could mark the blog posts with the API version - hopefully, someone else can save time to make this work.
Thanks

1 Like

Thanks for the suggestion, I will pass the info on to the team.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.