We would like to restrict access to one of our React Applications based on a set of permissions set on a Role in Auth0. We are looking at using RBAC to achieve this and have the permissions working with the correct Scopes being shown in the JWT.
I am currently using auth0-react and this example auth0-react/EXAMPLES.md at master · auth0/auth0-react · GitHub to get a ProtectedRoute that uses withAuthenticationRequired()'s claimCheck option.
What is the best way to confirm the user has the expected scopes in their Access JWT?
I am attempting to use GitHub - auth0/node-jsonwebtoken: JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html to decode the token and look at the scopes. I got concerned when I noticed the age and number of issues on the repo.
Is there a built-in way to confirm a user’s access token has the scopes requested with the Auth0Provider?
Is the claimCheck in withAuthenticationRequired() the method that should be used for this?