How to Use Auth0's Core Authorization Feature Set

The core Authorization features of Auth0 allow for role-based access control (RBAC) of your APIs.

The Authorization Core feature set and the Authorization Extension are completely separate features. To manage groups, roles, or permissions, you must use the feature in which they were originally created.

Although the Delegated Administration Extension (DAE) and the Authorization Core feature set are completely separate features, you can use the Authorization Core feature set to create and manage roles for the DAE if you use a rule. To learn how, see Sample Use Cases: Rules with Authorization.

For role-based access control (RBAC) to work properly, you must enable it for your API using either the Dashboard or the Management API.

Authorization Core functionality is different from the Authorization Extension. For a comparison between the two products, see Authorization Core vs. Authorization Extension.

To use the core functionality most efficiently, you should do the following:

  1. Register your API with Auth0.
  2. Define permissions for your API.
  3. Create roles.
  4. Assign roles to users.
  5. Assign permissions to users, if needed.
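
The five steps above, together with enabling RBAC for the API, can be carried out through the Management API v2. The following is an added example, not code from Auth0's documentation; the function names, the injectable `send` callable, and all identifiers passed in (API identifier, permission names, role name, user ID) are assumptions chosen for illustration.

```python
import json
import urllib.request
from urllib.parse import quote

# Added example: http_sender, provision_rbac and send are hypothetical names.
def http_sender(domain, mgmt_token):
    """Return send(method, path, body) bound to a tenant's Management API v2."""
    def send(method, path, body):
        req = urllib.request.Request(
            f"https://{domain}/api/v2{path}", data=json.dumps(body).encode(),
            method=method,
            headers={"Authorization": f"Bearer {mgmt_token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}  # some calls return no body
    return send

def provision_rbac(send, api_identifier, api_name, permissions, role_name,
                   user_id, direct_permissions=()):
    """Run steps 1-5 in order. `permissions` maps permission name -> description."""
    unknown = set(direct_permissions) - set(permissions)
    if unknown:  # refuse grants for permissions the API does not define
        raise ValueError(f"undefined permissions: {sorted(unknown)}")

    def grants(names):
        return {"permissions": [
            {"resource_server_identifier": api_identifier, "permission_name": n}
            for n in names]}

    # Steps 1-2: register the API with its permissions and enable RBAC on it.
    send("POST", "/resource-servers", {
        "name": api_name,
        "identifier": api_identifier,
        "scopes": [{"value": n, "description": d} for n, d in permissions.items()],
        "enforce_policies": True,               # RBAC enabled for this API
        "token_dialect": "access_token_authz",  # permissions claim in access token
    })
    # Step 3: create the role, then attach the API's permissions to it.
    role_id = send("POST", "/roles", {"name": role_name})["id"]
    send("POST", f"/roles/{role_id}/permissions", grants(permissions))
    # Step 4: assign the role; user IDs such as "auth0|..." must be URL-encoded.
    user_path = f"/users/{quote(user_id, safe='')}"
    send("POST", f"{user_path}/roles", {"roles": [role_id]})
    # Step 5: direct per-user permissions, only if needed.
    if direct_permissions:
        send("POST", f"{user_path}/permissions", grants(direct_permissions))
    return role_id
```

Against a real tenant, pass `http_sender(domain, mgmt_token)` as `send`, using a Management API token that carries only the scopes these calls require.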
