Subscription-based authorization

I’m developing a quiz app which requires authorization for only-subscribed members can see.

How to do that? I’m thinking of putting metadata (is_subscribed) to true for subscribed member and give the scope so he/she can gain permissions.

But, I don’t know how to do it. Please help

You can use the management API to update your user’s app_metadata with is_subscribed.

You then need a rule that will check for this flag and grant the appropriate scopes. Here’s a quick, untested example:

const subscriberScopes = ['write:profile', 'read:profile'', ...];

if(user.app_metadata && user.app_metadata.is_subscribed) {
    context.accessToken.scope = subscriberScopes.join();