Skip to content

casbin/auth0-role-manager

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Auth0 Role Manager Build Status Coverage Status Godoc

Auth0 Role Manager is the Auth0 role manager for Casbin. With this library, Casbin can load role hierarchy (user-role mapping) from Auth0 Authorization Extension or save role hierarchy to it (NOT Implemented).

Installation

go get github.com/casbin/auth0-role-manager

Simple Example

package main

import (
	"github.com/casbin/auth0-role-manager"
	"github.com/casbin/casbin"
)

func main() {
	// This role manager dose not rely on Casbin policy. So we should not
	// specify grouping policy ("g" policy rules) in the .csv file.
	e := casbin.NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv")

	// Use our role manager.
	// clientID is the Client ID.
	// clientSecret is the Client Secret.
	// tenant is your tenant name. If your domain is: abc.auth0.com, then abc is your tenant name.
	// apiEndpoint is the base URL for your Auth0 Authorization Extension, it should
	// be something like: "https://abc.us.webtask.io/adf6e2f2b84784b57522e3b19dfc9201", there is
	// no "/admins", "/admins/login", "/users" or "/api" in the end.
	rm := auth0rolemanager.NewRoleManager(
		"your_client_id",
		"your_client_secret",
		"your_tenant_name",
		"your_base_url_for_auth0_authorization_extension")
	e.SetRoleManager(rm)

	// If our role manager relies on Casbin policy (like reading "g"
	// policy rules), then we have to set the role manager before loading
	// policy.
	//
	// Otherwise, we can set the role manager at any time, because role
	// manager has nothing to do with the adapter.
	e.LoadPolicy()
	
	// Check the permission.
	// Casbin's subject (user) name uses the Auth0 user's Email field (like "[email protected]").
	// Casbin's role name uses the Auth0 group's Name field (like "Group1", "Group2").
	e.Enforce("[email protected]", "data1", "read")
}

Getting Help

License

This project is under Apache 2.0 License. See the LICENSE file for the full license text.