I have a web app where a lot of user roles exist and therefore I need to hide/show functionality based on their role. Now I don’t really understand from the document perspective what the best way is to get a user’s role and where to actually store it. As far as I understand, I need to call the management API always.
Can’t I somehow store it in the JSON I receive in the api/me call? (That’s the method for Node.js: auth0.handleProfile(req, res))
One way to keep track of a user’s role would be to add their role to the ID Token or Access Token when they authenticate so that the frontend can decode the token and know the user’s role.
Yes, Rules are JavaScript functions that execute within an isolated serverless Webtask container every time a user authenticates.
The Rules configured within your Auth0 tenant will run after authentication takes place and before the redirect back to your application.
Rules are passed a User Object and Context Object which allow them to do many things like add data to the user profile or throw an error if a user hasn’t verified their email address.
You can try adding the role to the ID Token and Access Token by creating a new Rule in the dashboard:
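A Rule of the kind described above, as an added example that is not part of the original post: it copies the user's roles into a namespaced claim on both tokens, with a local stand-in for the Rules pipeline and a frontend check. The namespace URL, the function names and the sample login are assumptions, and it assumes roles are assigned through Auth0's role feature so that `context.authorization.roles` is populated.

```javascript
// Added example (not from the thread). Runs in Node; in the Auth0 dashboard the
// Rule body is pasted as an anonymous function (user, context, callback).
const NAMESPACE = 'https://example.com/'; // assumed: replace with a URL you control

function addRolesToTokens(user, context, callback) {
  // context.authorization.roles lists the role names assigned to the user.
  const assigned = (context.authorization && context.authorization.roles) || [];
  const roles = assigned.filter((r) => typeof r === 'string');
  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  // A namespaced claim name avoids collisions with standard OIDC claims.
  context.idToken[NAMESPACE + 'roles'] = roles;
  context.accessToken[NAMESPACE + 'roles'] = roles;
  return callback(null, user, context);
}

// Local stand-in for the Rules pipeline: invoke the Rule, return the context.
function runRule(rule, user, context) {
  let result;
  rule(user, context, (err, _user, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Frontend side: read roles from the already-validated ID Token claims.
// A missing or malformed claim yields no roles, so the UI fails closed.
function rolesFromClaims(claims) {
  const value = claims && claims[NAMESPACE + 'roles'];
  return Array.isArray(value) ? value.filter((r) => typeof r === 'string') : [];
}

function canSee(claims, requiredRole) {
  return rolesFromClaims(claims).includes(requiredRole);
}

// Constructed sample login, not real tenant data.
const sampleContext = runRule(
  addRolesToTokens,
  { user_id: 'auth0|constructed-user', email: 'editor@example.com' },
  { authorization: { roles: ['editor'] }, idToken: {}, accessToken: {} }
);
console.log(sampleContext.idToken, canSee(sampleContext.idToken, 'admin'));
```

Showing or hiding UI from the ID Token claim is a convenience only; the API behind it still has to check the role claim in the verified Access Token on every request.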