Auth0 Role Manager is the Auth0 role manager for Casbin. With this library, Casbin can load role hierarchy (user-role mapping) from Auth0 Authorization Extension or save role hierarchy to it (NOT Implemented).
go get github.com/casbin/auth0-role-manager
package main
import (
"github.com/casbin/auth0-role-manager"
"github.com/casbin/casbin"
)
func main() {
// This role manager dose not rely on Casbin policy. So we should not
// specify grouping policy ("g" policy rules) in the .csv file.
e := casbin.NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")
// Use our role manager.
// clientID is the Client ID.
// clientSecret is the Client Secret.
// tenant is your tenant name. If your domain is: abc.auth0.com, then abc is your tenant name.
// apiEndpoint is the base URL for your Auth0 Authorization Extension, it should
// be something like: "https://abc.us.webtask.io/adf6e2f2b84784b57522e3b19dfc9201", there is
// no "/admins", "/admins/login", "/users" or "/api" in the end.
rm := auth0rolemanager.NewRoleManager(
"your_client_id",
"your_client_secret",
"your_tenant_name",
"your_base_url_for_auth0_authorization_extension")
e.SetRoleManager(rm)
// If our role manager relies on Casbin policy (like reading "g"
// policy rules), then we have to set the role manager before loading
// policy.
//
// Otherwise, we can set the role manager at any time, because role
// manager has nothing to do with the adapter.
e.LoadPolicy()
// Check the permission.
// Casbin's subject (user) name uses the Auth0 user's Email field (like "[email protected]").
// Casbin's role name uses the Auth0 group's Name field (like "Group1", "Group2").
e.Enforce("[email protected]", "data1", "read")
}
This project is under Apache 2.0 License. See the LICENSE file for the full license text.