Authorization Extension

Currently, we provide two ways of implementing role-based access control (RBAC), which you can use in place of or in combination with your API's own internal access control system:

We are expanding our Authorization Core feature set to match the functionality of the Authorization Extension and expect a final release in 2020. Our new core RBAC implementation improves performance and scalability and will eventually provide a more flexible RBAC system than the Authorization Extension.

For now, both implement the key features of RBAC and allow you to restrict the custom scopes defined for an API to those that have been assigned to the user as permissions. For a comparison, see Authorization Core vs. Authorization Extension.

The Authorization Core feature set and Authorization Extension are completely separate features. To manage groups, roles, or permissions, you will need to use the feature they were originally created in.

Although the Delegated Administration Extension and the Authorization Core feature set are completely separate features, you can use the Authorization Core feature set to create and manage roles for the DAE if you use a rule. To learn how, see Sample Use Cases: Rules with Authorization.

The Authorization Extension provides support for user authorization via Groups, Roles, and Permissions. You can define the expected behavior during the login process, and your configuration settings will be captured in a rule that's executed during runtime.

With the Authorization Extension, you can store authorization data like groups, roles, or permissions in the outgoing token issued by Auth0. Your application can then consume this information by inspecting the token and take appropriate actions based on the user's current authorization context.
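An application consuming this data should trust the permissions only after validating the token, and deny access when validation fails or the claim is absent. The sketch below is an added example, not Auth0's code. It assumes an HS256-signed token, a hypothetical claim name `https://example.com/claims/permissions`, and a constructed `make_token` helper standing in for the issuer.

```python
import base64, hashlib, hmac, json, time

# Assumption: the login rule writes permissions under this namespaced claim.
CLAIM = "https://example.com/claims/permissions"

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_hs256(token: str, secret: bytes, audience: str, now=None) -> dict:
    """Return claims only if algorithm, signature, expiry and audience check out."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    # Pin the algorithm; never let the token header choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise PermissionError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise PermissionError("token expired")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise PermissionError("wrong audience")
    return claims

def is_allowed(token, secret, audience, required, now=None) -> bool:
    """Deny by default: a failed check or a missing claim means no access."""
    try:
        claims = verify_hs256(token, secret, audience, now)
    except PermissionError:
        return False
    granted = claims.get(CLAIM)
    return isinstance(granted, list) and required in granted

def make_token(claims: dict, secret: bytes, alg="HS256") -> str:
    """Build a constructed sample token for the demo (stands in for the issuer)."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"
```

In a real application, use a maintained JWT library and the signing algorithm configured for your API; the checks shown here are the ones that library call must be set up to enforce.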

With the Authorization Extension, roles and permissions are set on a per-application basis. If you need the same roles or permissions on another application, you'll have to create them separately. Conversely, the Authorization Core feature set provides much more flexibility with roles and permissions.

Get Started

Before you can use the extension, you'll need to install it, configure the rule controlling its behavior during login, and set up your user management.

Data Management

You can easily move data into or out of the Extension.

Add Functionality

Once your extension is up and running, you can add additional functionality to it. You can also import/export user-related data.


Review our tips for troubleshooting commonly-seen issues.