Auth0 Role Manager is the Auth0 role manager for Casbin. With this library, Casbin can load role hierarchy (user-role mapping) from Auth0 Authorization Extension or save role hierarchy to it (NOT Implemented).
go get github.com/casbin/auth0-role-manager
package main import ( "github.com/casbin/auth0-role-manager" "github.com/casbin/casbin" ) func main() { // This role manager dose not rely on Casbin policy. So we should not // specify grouping policy ("g" policy rules) in the .csv file. e := casbin.NewEnforcer("examples/rbac_model.conf", "examples/rbac_policy.csv") // Use our role manager. // clientID is the Client ID. // clientSecret is the Client Secret. // tenant is your tenant name. If your domain is: abc.auth0.com, then abc is your tenant name. // apiEndpoint is the base URL for your Auth0 Authorization Extension, it should // be something like: "https://abc.us.webtask.io/adf6e2f2b84784b57522e3b19dfc9201", there is // no "/admins", "/admins/login", "/users" or "/api" in the end. rm := auth0rolemanager.NewRoleManager( "your_client_id", "your_client_secret", "your_tenant_name", "your_base_url_for_auth0_authorization_extension") e.SetRoleManager(rm) // If our role manager relies on Casbin policy (like reading "g" // policy rules), then we have to set the role manager before loading // policy. // // Otherwise, we can set the role manager at any time, because role // manager has nothing to do with the adapter. e.LoadPolicy() // Check the permission. // Casbin's subject (user) name uses the Auth0 user's Email field (like "alice@test.com"). // Casbin's role name uses the Auth0 group's Name field (like "Group1", "Group2"). e.Enforce("alice@test.com", "data1", "read") }
This project is under Apache 2.0 License. See the LICENSE file for the full license text.