I am working on a regular Rails app with server-side rendered erb templates. I’ve been asked to implement roles and permissions and to evaluate Auth0 RBAC.
Looks like Auth0 requires an API and JWT to implement RBAC and every example of Auth0 RBAC I can find uses a ‘split’ architecture between frontend and backend that relies on JWT for authentication.
Am I right to believe Auth0 RBAC is not possible with a regular server-side rendered rails app?
RBAC is possible with a regular web app or SPA+API; it doesn’t matter.
It sounds like you may have looked at the examples where roles are associated with permissions in an API, but you don’t have to assign specific permissions to roles.
Here is an example of how you can use roles in a regular web app:
A user (who you have already assigned a role) authenticates/logs in through your Auth0 hosted login page
The tokens are returned to your Rails server, your server decodes and verifies the token, then looks at the roles claim assigned in the rule. This allows the user to perform role-specific actions, based on the claims in the token. (e.g. an accountant role lets the user read/update the accounts table in your DB)
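The flow in the answer above, written out as an added example in plain Ruby (this is not code from the poster, from Auth0, or from any Auth0 SDK). It assumes a stand-in tenant issuer, client ID and RS256 signing key generated locally (a real server would fetch the tenant's public key from its JWKS endpoint), a namespaced custom claim `https://example.com/roles` added by a Rule, and a role-to-permission map kept in the Rails app rather than in Auth0 API permissions. It shows the checks a server-side app must do before trusting the roles claim: signature, `alg`, `iss`, `aud` and `exp`, and then the role lookup a controller `before_action` would perform.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed stand-ins for the Auth0 tenant (assumptions, not real values).
ISSUER      = "https://example-tenant.auth0.com/"
AUDIENCE    = "rails-app-client-id"           # the app's Auth0 client_id
ROLES_CLAIM = "https://example.com/roles"      # namespaced claim a Rule adds
SIGNING_KEY = OpenSSL::PKey::RSA.new(2048)     # stands in for the tenant key

# Role -> permitted (action, resource) pairs, owned by the app, not by Auth0.
ROLE_POLICY = {
  "accountant" => [[:read, :accounts], [:update, :accounts]],
  "viewer"     => [[:read, :accounts]],
}.freeze

class TokenError < StandardError; end

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def decode_json_segment(segment)
  JSON.parse(Base64.urlsafe_decode64(segment).force_encoding("UTF-8"))
end

# Test helper only: mint an RS256 ID token the way the tenant would.
def mint_token(roles:, exp: Time.now.to_i + 3600, alg: "RS256", key: SIGNING_KEY)
  header  = { alg: alg, typ: "JWT" }
  payload = { iss: ISSUER, sub: "auth0|123", aud: AUDIENCE,
              iat: Time.now.to_i, exp: exp, ROLES_CLAIM => roles }
  input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  "#{input}.#{b64url(key.sign(OpenSSL::Digest.new("SHA256"), input))}"
end

# What the Rails server does with the token it receives: verify everything
# before reading a single claim. Returns the claims hash or raises TokenError.
def verify_token(token, public_key: SIGNING_KEY.public_key, now: Time.now.to_i)
  parts = token.to_s.split(".")
  raise TokenError, "malformed token" unless parts.size == 3
  header = decode_json_segment(parts[0])
  # Pin the algorithm; never let the token choose (rejects "none" and HS256).
  raise TokenError, "unexpected alg #{header['alg']}" unless header["alg"] == "RS256"
  begin
    sig = Base64.urlsafe_decode64(parts[2])
    ok  = public_key.verify(OpenSSL::Digest.new("SHA256"), sig, "#{parts[0]}.#{parts[1]}")
  rescue OpenSSL::PKey::PKeyError, ArgumentError
    ok = false
  end
  raise TokenError, "bad signature" unless ok
  claims = decode_json_segment(parts[1])
  raise TokenError, "wrong issuer" unless claims["iss"] == ISSUER
  raise TokenError, "wrong audience" unless Array(claims["aud"]).include?(AUDIENCE)
  raise TokenError, "expired" unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims
end

# Roles come straight from the verified claims; missing claim means no roles.
def roles_from(claims)
  Array(claims[ROLES_CLAIM])
end

# The authorization check a controller action would call, e.g.
# permitted?(roles_from(session[:claims]), :update, :accounts)
def permitted?(roles, action, resource)
  roles.any? { |r| ROLE_POLICY.fetch(r, []).include?([action, resource]) }
end

if __FILE__ == $PROGRAM_NAME
  claims = verify_token(mint_token(roles: ["accountant"]))
  puts "roles: #{roles_from(claims).inspect}"
  puts "accountant may update accounts: #{permitted?(roles_from(claims), :update, :accounts)}"
  puts "viewer may update accounts:     #{permitted?(['viewer'], :update, :accounts)}"
end
```

Two points the example makes that the prose does not: the roles claim is only as trustworthy as the signature and `iss`/`aud`/`exp` checks in front of it, so a token with a forged payload or an `alg` of `none` must be rejected before the claim is read; and mapping roles to actions inside the app is exactly what lets a server-rendered app do RBAC without defining API permissions in Auth0.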