I haven’t found a way/rule to consume the role permissions in the app. It’s working well in the API project (separate service) that I have, but I don’t see the equivalent settings to include the permissions claims in the token for the Native application.
I have also considered that perhaps it’s a matter of ASP.NET Core MVC being Role-Based and therefore it’s not appropriate to use the permissions. Is my design goal fundamentally wrong?
About halfway down there is a section titled * Handling Authorization in React Apps: the Naive Way* that may provide some insight into how to handle roles and permissions in your client side app.
Thanks @dan.woda I will give that a read and see if it might work. Just to clarify, will this work in an ASP.NET Core MVC app since that’s running on a server (ie. traditional/regular web application vs a single-page app such as Vue or React)?
@dan.woda I think that I’ve got a good grasp of how this might be done, but I imagine that the next step is to build the list of permissions dynamically based on querying the Auth0 API for the role permissions as well.
I’m going to begin investigating that now for my context. The article is helpful, but I don’t see the tie-in to the Authorization Core (is that the role/permission assignment that appears in the dashboard).
I am not an expert on the ASP.NET core, so there may be some gaps that need filled in, but you should be able to translate the concepts form the react sample.
Yes, the authorization core is the roles and permissions assignments shown in the dashboard. You can add the user’s roles to a token like this:
Could you outline an example to help us understand your use-case better?