Role-Based Access Control (RBAC) is the idea of grouping permissions together under a role, which lets us protect applications with role-based authorization. Users are assigned a role through the Auth0 dashboard, and the corresponding permissions are placed on the user's access token (JWT) after authenticating. That access token can be extracted by an Auth0 SDK (this video uses JavaScript/ReactJS) and sent to a custom server.
Server-side logic (this video is based on NodeJS and ExpressJS) can then check for specific permissions and allow or reject access to certain resources.
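The server-side check described above, as an added example that is not code from the video or its repository. It assumes an upstream JWT middleware has already verified the access token and stored its claims on `req.auth.payload`, and that Auth0 is configured to add the `permissions` array to the access token; the permission names, sample users and the `decide` and `fakeRes` helpers are hypothetical.

```javascript
// Added example: Express-style permission gate for RBAC-protected routes.
// Assumption: an upstream JWT middleware has already verified the token's
// signature, issuer, audience and expiry and put the claims on
// req.auth.payload. Never read permissions from a token that was only decoded.
function requirePermissions(...required) {
  return function checkPermissions(req, res, next) {
    const claims = req.auth && req.auth.payload;
    if (!claims) {
      // No verified token at all: the caller is unauthenticated.
      return res.status(401).json({ error: "missing or invalid access token" });
    }
    // Fail closed when the claim is absent or not an array. A plain string
    // would otherwise pass String.prototype.includes as a substring match.
    const granted = Array.isArray(claims.permissions) ? claims.permissions : [];
    const missing = required.filter((p) => !granted.includes(p));
    if (missing.length > 0) {
      // Authenticated, but the assigned role does not carry the permission.
      return res.status(403).json({ error: "insufficient permissions" });
    }
    return next();
  };
}

// Minimal stand-in for an Express response so the gate runs without a server.
function fakeRes() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(obj) { this.body = obj; return this; },
  };
}

// Runs the gate against constructed claims and reports the decision.
function decide(payload, ...required) {
  const req = payload === undefined ? {} : { auth: { payload } };
  const res = fakeRes();
  let allowed = false;
  requirePermissions(...required)(req, res, () => { allowed = true; });
  return { allowed, status: res.statusCode, body: res.body };
}

// Constructed sample claims; subjects and permission names are hypothetical.
const admin = { sub: "auth0|example-admin", permissions: ["read:reports", "delete:reports"] };
const viewer = { sub: "auth0|example-viewer", permissions: ["read:reports"] };

console.log(decide(admin, "delete:reports"));     // role carries the permission
console.log(decide(viewer, "delete:reports"));    // authenticated, not authorized
console.log(decide(undefined, "read:reports"));   // no verified token
console.log(decide({ sub: "x", permissions: "delete:reports" }, "delete:reports")); // malformed claim
```

In an Express app the gate would sit after the token-verification middleware on each protected route, so a 401 always means "no valid token" and a 403 always means "valid token, missing permission".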
Code Samples & Documentation
Video starting point: https://github.com/twclark0/roles-scopes-node-auth0/tree/roles-beginning
Video ending point: https://github.com/twclark0/roles-scopes-node-auth0/tree/roles-final
https://auth0.com/docs/authorization/rbac
#node #auth0 #express