I’m a new user of Auth0 and I’m struggling with understanding the scopes.
I would expect the user role to be defined in the database (I use MongoDB) with all the other parameters which are created by Auth0 after sign up. Then Auth0 on my Node server would check the role and decide whether or not to allow the user to access such a route.
I do not understand why I should allow the users to have the scope stored in the localStorage, because it seems to be redundant (it still needs to be checked on the back-end) and insecure. I am sure there is a reason for it but I can’t see it yet.
Can anyone tell me whether it is possible to alter the Auth0 behaviour to the example flow I have written above and also explain the reason for the scopes?
Thank you a lot!