Hi @tyf
Thanks a lot for your suggestions.
we have tried the second method suggested by you to âPermit or Deny login Requests using Auth0 Actionsâ and it worked. However, we have used Rules as of now instead of Action.
Now the only question remains related to this is:
We need to provide a list of whitelisted email ids of the users whom we want to authorize to a particular application. This is basically hardcoding these email ids into the Rule/Action.
example: const whitelist = [âxyz@abc.comâ];
Is there any way to automate this/ remove the need of this hardcoding of emails into a list?
as it is also cumbersome as every time, we integrate a new app or add a new user to the app we will have to make changes in the Rule/Action code.
The code we have used in the rule is as below:
function userWhitelistForSpecificApp(user, context, callback) {
if (!user.email || !user.email_verified) {
return callback(new UnauthorizedError(âAccess denied.â));
}
//Application 1
if (context.clientName !== âXYZâ) {
return callback(null, user, context);
}
const whitelist = [âxyz@abc.comâ]; // authorized users
const userHasAccess = whitelist.some(function (email) {
return email === user.email;
});
if (!userHasAccess) {
return callback(new UnauthorizedError(âAccess denied.â));
}
//Applicaton 2
if (context.clientName !== âXYZ1â) {
return callback(null, user, context);
}
const whitelistAP = [âabc@xyz.comâ]; // authorized users
const userHasAccessAP = whitelist.some(function (email) {
return email === user.email;
});
if (!userHasAccessAP) {
return callback(new UnauthorizedError(âAccess denied.â));
}
callback(null, user, context);
}
Also the other method suggested by you to use the combination of RBAC and Actions is unfortunately still not that clear for us to try it.
Can you help us with a reference in the doc or shed some more light over it in a bit of details?
Waiting patiently.
Thanks and Regards,
Aafreen