I have a simple calendar app, with react front end and express backend.
i am a newb and this is the first spa i have built.
I use Auth0 for authentication and authorization.
Users can sign in with google, create there own data and access there own data on the api.
I would like to have a set up where users are administrators of their own data and can grant other users access to view this data. This could be by adding a gmail address to a settings page.
I would like to do be able to do this without having to do anything on the dashboard to change permissions for users. It should be all doable from the react app.
i have thorougly searched for information on how to do this and cant find anything, i think perhaps i dont have the volcabulary to phrase the search properly.
Something similar would be the way I can add gmail address in google calendar to give permision to someone to view my calendar events.
Having users be able to grant access to their data to a specified set of other users is somewhat outside the scope of what Auth0 does, currently (I know there are features in the pipeline that may apply).
Basically, your express backend would manage the user lists, and be responsible for managing access to user data.
ah thanks at least i cant stop searching for functionality that doesnt exist.
are you saying that i can still use auth0 but that i have to manage who has access to whoms data, and that i just check the id of a user on there access token when they request another users data.
i had thought of that just thought it seemed a bit simple and i wasnt sure if it was in line with best practices.
or are you saying i need to look for a different solution altogether?
Yes, use Auth0, just have a mapping between Auth0 user IDs and your user IDs, and when you get an access token, use the user ID to determine if they have access to the requested data.