Role Permissions in Blazor Server App

Hi,

I’m new to Auth0 and I’ve been playing around with it and so far everything works as expected. However I have a problem that I couldn’t find a straight answer too and I don’t know if this is at all possible.

I have a blazore server app and a asp.net core api.
In Auth0 I’ve created a API and added some permissions to it. I’ve then created some roles and added the permisssion to those roles. Finally I’ve added the roles to users. When I’m now I can now connect to the API part and get my permissions. that are assigned to the role that the user has.

Now I would like to retrieve these role permissions in my Blazor server app to had certain parts of the interface based on those permissions.

for example: User has products.read => he should be able to see the page products.
an icon/button would become visible if the user has a role with the permission product.update

Would anyone be able to assist me with this? I’ve been struggling with this for a couple of days now.

Thanks in advance

Hey there @olivier.vanheste !

Completely agnostic to tech stack, this is typically achieved by adding permission to access tokens - The easiest way to do this is by enabling the option in the settings of the API registered in Auth0.

1 Like

Hi @tyf ,

Thanks for the response indeed I used this toggle button and this enabled me to call my API in context of a user.

However in my use case I’ve just authenticated and I want to load the pages. When I’m requesting an access_token for the API it will indeed contain the role permissions. However in my Blazor Server App, the identity_token is being checked.

I was able to add the roles to this token with actions, but I can’t seem to find a way to add the persmissions.

My code in the Blazor Server App is the following:

builder.Services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = builder.Configuration["Auth0:Domain"];
    options.ClientId = builder.Configuration["Auth0:ClientId"];
    // new line
    options.ClientSecret = builder.Configuration["Auth0:ClientSecret"];
    options.Scope = "openid profile email";

}).WithAccessToken(options =>
{
    options.Audience = builder.Configuration["Auth0:Audience"];
});

Gotcha! Thanks for clarifying :slight_smile: You could infer permissions from roles (this is a common practice) or you will need to add them in additional steps:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.