Authorization: Securing HTTP APIs with RBAC rules

Learn how to use Auth0's Role-Based Access Control (RBAC) feature to secure HTTP APIs with ease. An article by Bruno Krebs. This is the second, technical post in a 3-part series focusing on Authorization. Stay tuned for the last part in this series, which focuses on dynamic authorization.

Although you could use plain RBAC and assign the roles directly to users, you will use a better strategy that consists of defining groups to work as an intermediary between users and roles. That is, instead of assigning roles to users directly, you will assign roles to groups and users to groups.
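As an added illustration (not code from the article or its GitHub repo), here is an Express-style middleware that resolves a user's permissions through the user-to-group-to-role indirection described above, denying by default when a user, group or role is unknown. The users, groups, roles and permission names are constructed for this example.

```javascript
// Constructed sample data: roles grant permissions, groups bundle roles,
// and users are members of groups. Users never get roles directly.
const roles = {
  reader: ['read:posts'],
  editor: ['read:posts', 'write:posts'],
  admin: ['read:posts', 'write:posts', 'delete:posts'],
};

const groups = {
  everyone: ['reader'],
  'content-team': ['editor'],
  'ops-team': ['admin'],
};

const userGroups = {
  alice: ['everyone', 'content-team'],
  bob: ['everyone'],
};

// Walk user -> groups -> roles -> permissions. Unknown identifiers at any
// level contribute nothing, so the result is deny-by-default.
function permissionsFor(userId) {
  const perms = new Set();
  for (const g of userGroups[userId] || []) {
    for (const r of groups[g] || []) {
      for (const p of roles[r] || []) perms.add(p);
    }
  }
  return perms;
}

// Express-style middleware factory. Assumes an earlier middleware has
// already authenticated the request and set req.user.sub (hypothetical).
function requirePermission(permission) {
  return (req, res, next) => {
    const userId = req.user && req.user.sub;
    if (!userId || !permissionsFor(userId).has(permission)) {
      return res.status(403).json({ error: 'insufficient permissions' });
    }
    return next();
  };
}

// Usage with Express would be:
//   app.delete('/posts/:id', requirePermission('delete:posts'), handler);
```

Changing what the content team may do is then a single edit to the `content-team` group's roles, with no per-user changes.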

The detailed information contains:

  • What is RBAC (Role-Based Access Control)? Introduction
  • The RBAC scenario
  • Apps, APIs, and RBAC
  • Handling RBAC in Node.js and Express
  • Using Auth0 to map the RBAC scenario

Code examples in GitHub repo and detailed terminal commands with explanation included. Very nice!

Tags programming software nodejs web-development infosec