Social Media app - using auth0 roles

I’m putting together a small social media app, and have the following use case.

  • Users are allowed to create groups
  • Certain users are admins of the group

Is it possible for me to use Auth0 roles to determine if a user is an admin of a group or not? This would involve me somehow creating roles dynamically from my application and posting them to Auth0…

Or is the better way (and the way I’m currently doing it) just to avoid using Auth0 for this, and simply check if any given user is an admin of a given group in my application?

I’m just wondering if roles are ever used for this sort of use case.

Hi there @raph90 welcome to the community!

You can create roles/permissions in Auth0 however you see fit, so grouping some users as admin is certainly possible. Here’s a general overview of how roles work in an access control context:

Regarding creating them from your application, you might want to look into using the Management API, in particular api/v2/roles.

Lastly, you would probably be interested in adding these roles to an Access and/or ID Token. You can achieve that with something like:

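exports.onExecutePostLogin = async (event, api) => {
  // Custom claims are namespaced with a URL so they don't collide with standard claims
  const namespace = 'https://my-app.example.com';
  if (event.authorization) {
    // Copy the user's assigned roles into both the ID token and the access token
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};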

Some more on adding custom claims to Actions here:

Hope this helps to clear things up a bit!
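An added example, not part of the original posts and not Auth0's own code: how an API could consume the namespaced roles claim set by the Action above, alongside the application-side per-group admin check described in the question. The group ids, user ids, the `site-admin` role name and the `req.auth.payload` location are assumptions, and the payload is assumed to come from an access token already verified by a JWT library.

```javascript
// Added example: API-side authorization using the roles claim set by the Action.
// Assumption: `payload` comes from an access token whose signature, issuer,
// audience and expiry were already verified by a JWT library.
const NAMESPACE = 'https://my-app.example.com'; // same namespace as the Action
const ROLES_CLAIM = `${NAMESPACE}/roles`;

// Constructed sample data: group admins live in the application's own store,
// keyed by the token's `sub`. Group ids and user ids are hypothetical.
const groupAdmins = new Map([
  ['group-42', new Set(['auth0|alice'])],
  ['group-77', new Set(['auth0|bob'])],
]);

// Return the roles from the namespaced claim, failing closed on bad shapes.
function rolesFromPayload(payload) {
  const raw = payload && payload[ROLES_CLAIM];
  if (!Array.isArray(raw)) return [];
  return raw.filter((r) => typeof r === 'string');
}

// A user may administer a group if the app lists them as that group's admin,
// or if the token carries the tenant-wide role (hypothetical name 'site-admin').
function canAdministerGroup(payload, groupId) {
  if (!payload || typeof payload.sub !== 'string') return false;
  if (rolesFromPayload(payload).includes('site-admin')) return true;
  const admins = groupAdmins.get(groupId);
  return admins !== undefined && admins.has(payload.sub);
}

// Express-style guard (no Express dependency); assumes earlier middleware put
// the verified claims on req.auth.payload and the route has a :groupId param.
function requireGroupAdmin(req, res, next) {
  const payload = req.auth && req.auth.payload;
  if (!payload) return res.status(401).json({ error: 'unauthenticated' });
  if (!canAdministerGroup(payload, req.params.groupId)) {
    return res.status(403).json({ error: 'not a group admin' });
  }
  return next();
}
```

Only the access token's claims should drive this check in an API; the ID token is meant for the client application.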
