I have CRUD web application with a tech stack of mongodb, nodejs, express and ejs. I am using auth0 for user authentication to access the web app. i want to perform role based authorization so that only certain users can access the certain functionalities. How do i implement this?
i.e. if the role assigned to the user is Admin, the edit and add buttons on the web app will be available else, the buttons will be disabled
async function getUserRolesFromAuth0(userId) {
const options = {
method: āGETā,
url: https://samcomelectronics.us.auth0.com/api/v2/users/${userId}/roles,
headers: {
Authorization: "Bearer " + process.env.AUTH0_TOKEN,
},
};
Basically after the user logs in there is a crud app with edit, delete, view and add record buttons. i want to make it such that the edit, delete and add buttons are only enabled if the user logging in has an admin role. if the user has an employee role i want to disable the edit, delete and add buttons.
The auth0 authentication is working without any issues but this authorization that i want to perform is not possible.
Iāve tried various methods as well as gone through the auth0 rbac docs but i cannot find a solution for this
Are you able to validate an access token successfully? Once validated, you should be able to make decisions in your API/backend logic based on the permissions claim and/or roles if you add them as a custom claim in the access token: