Authorization Extension

Currently, we provide two ways of implementing role-based access control (RBAC), which you can use in place of or in combination with your API's own internal access control system:

We are expanding our Authorization Core feature set to match the functionality of the Authorization Extension and expect a final release in 2020. Our new core RBAC implementation improves performance and scalability and will eventually provide a more flexible RBAC system than the Authorization Extension.

For now, both implement the key features of RBAC and allow you to restrict the custom scopes defined for an API to those that have been assigned to the user as permissions. For a comparison, see Authorization Core vs. Authorization Extension.

The Authorization Core feature set andAuthorization Extension are completely separate features. To manage groups, roles, or permissions, you will need to use the feature they were originally created in.

Although the Delegated Administration Extension and the Authorization Core feature set are completely separate features, you can use the Authorization Core feature set to create and manage roles for the DAE if you use a rule. To learn how, see Sample Use Cases: Rules with Authorization.

The Authorization Extension provides support for user authorization via Groups, Roles, and Permissions. You can define the expected behavior during the login process, and your configuration settings will be captured in a rule that's executed during runtime.

With the Authorization Extension, you can store authorization data like groups, roles, or permissions in the outgoing token issued by Auth0. Your application can then consume this information by inspecting the token and take appropriate actions based on the user's current authorization context.

With the Authorization Extension, roles and permissions are set on a per-application basis. If you need the same roles or permissions on another application, you'll have to create them separately. Conversely, the Authorization Core feature set provides much more flexibility with roles and permissions.

Before you can use the extension, you'll need to install it, configure the rule controlling its behavior during login, and set up your user management.

Install the Extension
Walk through the process of installing the Authorization Extension.
Set Up the Extension
Learn the basics of users, groups, roles, and permissions, and how to configure them.
Configure the Extension
Configure how the extension will behave during the login transaction.

You can easily move data into or out of the Extension.

Importing Existing Data into/Exporting Data from the Extension
Learn how you can import or export authorization data using a JSON file.

Once your extension is up and running, you can add additional functionality to it. You can also import/export user-related data.

Enable API Access to the Extension
Learn how you can automate provisioning and query the authorization context of your users in real-time, using the extension's API.
Authorization Extension API Explorer
Learn about the Authorization Extension's API endpoints and how you can use them.
Use the Authorization Extension's Data in Rules
Learn how you can use rules to configure extra logic to your logins.

Review our tips for troubleshooting commonly-seen issues.

Troubleshoot Errors
Common problems and tips to help you identify their cause.

Docs

Authorization Extension

Get Started

Data Management

Add Functionality

Troubleshoot

Was this article helpful?