Hi @nedumarans,
My apologies … I did not realize you were looking at the authorization extension. We did use the authz extension for one of our apps, but we had some trouble with it (occasional 500 errors when the webtask.io container got recycled) so we did not deploy it beyond that one app.
(It is worth mentioning that Auth0 is working on a replacement for the authorization extension.)
For the rest of our apps, we store roles in the user’s profile in Auth0 (our user data store is an Auth0 hosted database). In this way, the roles can be shared across all applications.
So, for example, we have something like the following in the user’s app_metadata:
"app_metadata": {
"roles": [
"role1",
"role2",
...
]
}
This specific model likely won’t work (not complex enough), given the number of roles you are looking at, but you could modify this model to work for you. Again, I expect you would probably want to use an external database to store this data. The main difference in this model is you don’t get the group-role-scope mapping logic of the authorization extension. You have to build that yourself.