NextAuth RBAC with your own roles
Unanswered
Eric Burel posted this in #help-forum
Hi, I am trying to set up authorization with Next-Auth and OAuth providers.
So let's say the user is authenticated using GitHub, I will get their email.
My role-based access control strategy would be to store roles in a database with emails as keys.
1. Is that a sound strategy? I feel like the email within the session is information that we can trust?
2. Are there shortcuts to shove the role in next-auth? I feel like I could use the
profile option but it doesn't seem to accept async calls, e.g. to a database. I haven't found examples of fetching the user roles from a database after a successful authentication (e.g. https://authjs.dev/guides/role-based-access-control?framework=next-js)
2 Replies
Raised the question on Stack Overflow
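
The lookup asked about above, sketched as an added example that is not part of the original post or the Auth.js documentation: the role fetch is done in async functions shaped like the Auth.js `jwt` and `session` callbacks instead of in `profile`. The role table, `findRolesByEmail`, `normalizeEmail` and `hasRole` are hypothetical names, and the sample emails are constructed.

```javascript
// Constructed sample data standing in for a database table keyed by email.
const ROLE_TABLE = new Map([
  ["alice@example.com", ["admin", "editor"]],
  ["bob@example.com", ["editor"]],
]);

// Hypothetical async lookup; a real one would query the database.
async function findRolesByEmail(email) {
  return ROLE_TABLE.get(email) ?? [];
}

// Normalize before using the email as a key, so "Alice@Example.com" and
// "alice@example.com" cannot resolve to different role rows.
function normalizeEmail(email) {
  return typeof email === "string" && email.trim() !== ""
    ? email.trim().toLowerCase()
    : null;
}

// Same argument shape as the Auth.js `jwt` and `session` callbacks.
// Assumption: these would be passed as the `callbacks` option of the config.
const callbacks = {
  async jwt({ token, user }) {
    // `user` is only passed on sign-in; later calls reuse the stored roles.
    if (user) {
      const email = normalizeEmail(user.email);
      // Deny by default: no email, or no matching row, means no roles.
      token.roles = email ? await findRolesByEmail(email) : [];
    }
    return token;
  },
  async session({ session, token }) {
    // Copy the roles from the token into the session object.
    session.user = { ...session.user, roles: token.roles ?? [] };
    return session;
  },
};

// Server-side check to run before serving a protected resource.
function hasRole(session, role) {
  return Boolean(session?.user?.roles?.includes(role));
}
```

Because the roles are read only at sign-in and then carried in the token, a role removed from the database stays effective until that token expires or the user signs in again.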