Web app authorization acc to role assigned

tyf · October 18, 2023, 10:18pm

Hello @nalawalaq welcome to the community!

The best way to go about this is to implement Role Based Access Control (RBAC) - You can have this enabled for your API you’ve registered in Auth0. The flow goes something like this:

User authenticates at your web app and obtains an ID/access token.
The access token is included as an Authorization header in requests to the API that you have registered in Auth0.
Your API validates the token and then checks the permissions claim, scopes, etc. depending on your specific needs.

I recommend taking a look at at the express-oauth2-jwt-bearer library referenced in the following guide for validating tokens on your backend/API:

Topic		Replies	Views
Unable to assign role to user Get Help auth0 , api , management-api	5	3291	February 13, 2021
Having trouble accessing roles on user account via ID or Access Tokens Get Help roles , authorization-extens , authorization	2	5470	September 3, 2019
Stuck implementing on authorization (react web app / node.js api server) Get Help	4	3011	December 15, 2020
Auth0 Authorisation for a Regular Web Application Get Help jwt , auth0 , api	8	5489	September 22, 2021
Assigning user roles in a rule Get Help auth0 , rules , management-api	5	4866	January 22, 2024