Next.js Discord


NextAuth RBAC with your own roles

Unanswered
Eric Burel posted this in #help-forum
Hi, I am trying to set up authorization with Next-Auth and OAuth providers.
So let's say the user is authenticated using GitHub; I will get their email.
My role-based access control strategy would be to store roles in a database with emails as keys.
1. Is that a sound strategy? I feel like the email within the session is information that we can trust?
2. Are there shortcuts to shove the role in next-auth? I feel like I could use the profile option but it doesn't seem to accept async calls, e.g. to a database. I haven't found examples of fetching the user roles from a database after a successful authentication (e.g. https://authjs.dev/guides/role-based-access-control?framework=next-js)

3 Replies

Raised the question on Stack Overflow
Figured it out with callbacks, I can set a role in a token and then in the session from the token: https://next-auth.js.org/configuration/callbacks
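The jwt/session callback approach from the last reply, written out as an added example (not code from the original post or from next-auth). The callback signatures mirror next-auth's `callbacks.jwt({ token, user })` and `callbacks.session({ session, token })`; the `rolesByEmail` Map and `requireRole` helper are constructed stand-ins for the roles table and for a server-side check.

```javascript
// Constructed stand-in for the database table keyed by email.
const rolesByEmail = new Map([
  ["alice@example.com", "admin"],
  ["bob@example.com", "editor"],
]);

// Normalise the email before lookup so the key matches regardless of case
// or whitespace, and default-deny: unknown emails get the least privilege.
async function findRoleByEmail(email) {
  const key = String(email ?? "").trim().toLowerCase();
  return rolesByEmail.get(key) ?? "viewer";
}

// next-auth calls this on every token read, but `user` is only present on
// the initial sign-in. That is the one chance to run the async database
// lookup and stamp the role into the JWT; later calls pass the token through.
// Caveat: the role stays in the token until the next sign-in, so a revoked
// role is not seen until then unless the lookup is repeated here.
async function jwtCallback({ token, user }) {
  if (user?.email) {
    token.role = await findRoleByEmail(user.email);
  }
  return token;
}

// Copies the role from the JWT into the session object the app sees. The
// session is readable client-side, so authorization is still enforced on
// the server (requireRole), never from what the browser reports.
async function sessionCallback({ session, token }) {
  if (session.user) session.user.role = token.role ?? "viewer";
  return session;
}

// Server-side check: true only if the session carries one of the allowed roles.
function requireRole(session, allowedRoles) {
  const role = session?.user?.role;
  return typeof role === "string" && allowedRoles.includes(role);
}

// End-to-end: what next-auth does at sign-in, then on a session read.
// A provider that returns no email (e.g. a private GitHub email) ends up
// with the default "viewer" role rather than an elevated one.
async function signInAndBuildSession(user) {
  const token = await jwtCallback({ token: { email: user.email }, user });
  return sessionCallback({ session: { user: { email: user.email } }, token });
}
```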