Roles across multiple applications

Hi All,

I have a tenancy with several applications and was considering using Roles in our solution. The core role functionality does not have the ability to assign a role to an application (authorization extension does). I have prefixed the roles with an application prefix in an effort to perform this assignment (for example I have several admin roles which map to application roles in applications). My problem is now when I login to a specific application all the roles are included in the token not just those intended for the application I am logging into. Is this how roles are intended to be used or am I going down the wrong path?

Regards

Hi @law76,

This is the current state of roles in the context of multiple applications. If you want to narrow things down, you could assign roles more strictly, based on a client_id in rules.

If it isn’t causing specific issues, then you should be okay.
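One way to do the "narrow things down based on a client_id in rules" suggestion above, as an added example that is not part of the thread: an Auth0 rule in the legacy `function (user, context, callback)` shape that keeps only the roles whose prefix belongs to the application the user is logging in to, and emits them as a namespaced custom claim. The prefix scheme (`<app>:<role>`), the `CLIENT_PREFIXES` lookup table with its made-up client_ids, the claim namespace and the decision to strip the prefix from the emitted role names are all assumptions for the example, not anything the poster or Auth0 specified.

```javascript
// Added example, not from the thread or from Auth0's own docs.
// Assumption: roles are named "<appPrefix>:<roleName>" and a lookup table
// maps each application's client_id to the prefix used for its roles.
// Constructed client_ids for illustration only.
const CLIENT_PREFIXES = {
  'abc123-billing-client-id': 'billing',
  'def456-support-client-id': 'support',
};

// Custom claims must be namespaced (a URL) or Auth0 drops them from the token.
// The namespace itself is an assumed value.
const ROLES_CLAIM = 'https://example.com/roles';

// Keep only roles carrying this client's prefix and strip the prefix so the
// application receives its own role names. An unknown client gets no roles
// rather than every role in the tenant.
function filterRolesForClient(roles, clientId, prefixes) {
  const prefix = prefixes[clientId];
  if (!prefix) {
    return [];
  }
  const marker = prefix + ':';
  return (roles || [])
    .filter((role) => role.startsWith(marker))
    .map((role) => role.slice(marker.length));
}

// Auth0 rule entry point. context.clientID is the client_id of the application
// being logged in to; context.authorization.roles holds the user's core RBAC
// roles when roles are assigned in the tenant.
function scopeRolesToApplication(user, context, callback) {
  const allRoles = (context.authorization && context.authorization.roles) || [];
  const scoped = filterRolesForClient(allRoles, context.clientID, CLIENT_PREFIXES);

  context.idToken[ROLES_CLAIM] = scoped;
  context.accessToken[ROLES_CLAIM] = scoped;

  return callback(null, user, context);
}

// Helper for running the rule against a constructed login context, so the
// filtering can be checked outside the Auth0 runtime.
function runRule(clientId, roles) {
  const context = {
    clientID: clientId,
    authorization: { roles: roles },
    idToken: {},
    accessToken: {},
  };
  scopeRolesToApplication({ user_id: 'auth0|example' }, context, (err, user, ctx) => ctx);
  return context.idToken[ROLES_CLAIM];
}
```

With a user holding `billing:admin`, `support:admin` and `billing:viewer`, a login to the billing client yields `["admin", "viewer"]` in the claim, the support client yields `["admin"]`, and a client not in the table yields `[]`. The fail-closed default for unknown clients is deliberate: the problem described in the post is roles leaking across applications, so an unmapped application should see none of them rather than all of them.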

Thanks. Our use case is specifically to service external clients rather than internal employees so we were thinking of mapping auth0 roles to application roles. The applications themselves currently have the ability to create custom roles so I think this would get tricky moving forward. Would it be better to use auth0 for authentication and then leave the RBAC to the applications?

You could do this too. It’s hard to say what is better for your specific case without knowing it in a more granular sense. I think you could make the Auth0 RBAC features work, but what is better is ultimately up to you.

We are working on some features that may help this use-case, but there is no public timeline for these things yet.