
Auth0, with Authorization Extension & ASP.NET Authorization


I'm working on a project using Auth0. We wish to use the permission system in the Authorization Extension to set it up.

E.g. Role Admin: users:viewAll users:edit users:xyz

Role User: users:editOwn users:viewOwn users:ect

And then in the Project if possible use the [Authorize(Policy = "users:kvm")] tag.

However, I cannot find any resources on how to actually use the Authorization Extension from Auth0. I'm at a complete loss, so if anyone could guide me on where to even look for these, I'd be very happy.


Solution

  • The authorization extension is accessible via API

    You have to enable the API access and set up machine-to-machine communication so that you can hit the endpoints (as described in the link).

    Then use this documentation to manage permissions, roles, groups etc.

    Each request has to include a token (JWT) which you have to get beforehand from https://yourdomain.auth0.com/oauth/token via a POST request.

    You have to provide four parameters:

    grant_type = client_credentials
    client_id = {from your auth0 application}
    client_secret = {from your auth0 application}
    audience = urn:auth0-authz-api
    

    Put the token into the header of each request as "Authorization" : "Bearer #YOURTOKEN#"

    You can use any REST client to hit the endpoints. To start, I'd recommend Postman to test the endpoints and check which calls you need. There is a handy collection you can use with some adjustments.
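
The token request and Bearer header described in the answer above, as an added C# example that is not part of the original answer or Auth0's own code. The class name `AuthzApiClient`, the `apiBase` value (your extension's API URL, a placeholder here) and the `roles` path in the usage note are assumptions; the token is cached until shortly before `expires_in` elapses so the client secret is not sent on every call.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Hypothetical helper: client-credentials token + authenticated GET.
// Not thread-safe; guard GetTokenAsync with a SemaphoreSlim if shared.
public sealed class AuthzApiClient
{
    private static readonly HttpClient Http = new HttpClient();
    private readonly string _domain, _clientId, _clientSecret, _apiBase;
    private string _token;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;

    // Pass secrets in from configuration or a secret store, never from source.
    public AuthzApiClient(string domain, string clientId, string clientSecret, string apiBase) =>
        (_domain, _clientId, _clientSecret, _apiBase) = (domain, clientId, clientSecret, apiBase.TrimEnd('/'));

    private async Task<string> GetTokenAsync()
    {
        // Reuse the cached token until 60 seconds before it expires.
        if (_token != null && DateTimeOffset.UtcNow < _expiresAt) return _token;
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = _clientId,
            ["client_secret"] = _clientSecret,
            ["audience"] = "urn:auth0-authz-api",
        });
        using var resp = await Http.PostAsync($"https://{_domain}/oauth/token", form);
        resp.EnsureSuccessStatusCode(); // fail closed on 401/403 instead of using a stale token
        using var doc = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        _token = doc.RootElement.GetProperty("access_token").GetString();
        _expiresAt = DateTimeOffset.UtcNow.AddSeconds(doc.RootElement.GetProperty("expires_in").GetInt32() - 60);
        return _token;
    }

    // Sends GET {apiBase}/{path} with "Authorization: Bearer <token>".
    public async Task<string> GetAsync(string path)
    {
        using var req = new HttpRequestMessage(HttpMethod.Get, $"{_apiBase}/{path.TrimStart('/')}");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", await GetTokenAsync());
        using var resp = await Http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        return await resp.Content.ReadAsStringAsync();
    }
}
```

Construct it once with values read from configuration (for example `yourdomain.auth0.com`, the application's client ID and secret, and the extension's API URL) and call `await client.GetAsync("roles")`, where `roles` is an assumed path to check against the extension's API documentation.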