I’m fairly new to Auth0. I have a working Spring Boot application with security backed up by Auth0 (implementation made with a guide). I’m able to register users, log in and restrict their access with hasAuthority.
I want to add roles to my system. My idea was to write the ROLE into the user metadata and have the token’s scope change whenever I log in, based on the user metadata information (i.e. role) - so when a user with ADMIN metadata logs in, his scope will be different from when a regular user logs in. In turn - specific endpoints of my application will have ‘hasAuthority’ that fits an admin and will not allow access to any other token.
I’m struggling to find code snippets or working examples and I’m not quite sure my idea is the right way to implement this in the system.
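One way to wire the Spring Security half of this idea, as an added example that is not from the original post: it assumes an Auth0 post-login Action has already copied the role from the user’s app_metadata into a namespaced custom claim on the access token; the claim name, the `/admin/**` path and the ADMIN role value are assumptions.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class RoleSecurityConfig {

    // Assumed claim name: an Auth0 post-login Action is expected to set this
    // namespaced custom claim from the user's app_metadata (e.g. ["ADMIN"]).
    static final String ROLES_CLAIM = "https://example.com/roles";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Only tokens carrying the ADMIN role reach the admin endpoints.
                .requestMatchers("/admin/**").hasAuthority("ROLE_ADMIN")
                .anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2
                .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter())));
        return http.build();
    }

    // Keeps the default SCOPE_* authorities derived from the "scope" claim and
    // adds a ROLE_* authority for every entry in the custom roles claim.
    static JwtAuthenticationConverter jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter scopes = new JwtGrantedAuthoritiesConverter();
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        converter.setJwtGrantedAuthoritiesConverter(jwt -> {
            Collection<GrantedAuthority> authorities = new ArrayList<>(scopes.convert(jwt));
            List<String> roles = jwt.getClaimAsStringList(ROLES_CLAIM);
            if (roles != null) {
                for (String role : roles) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + role.toUpperCase()));
                }
            }
            return authorities;
        });
        return converter;
    }
}
```

Keep the role in app_metadata rather than user_metadata, since Auth0 treats user_metadata as data the user may edit; the token is re-issued with the current role on each login, so role changes take effect at the next login rather than mid-session.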