How to handle a complex user permission structure

My application has users, classes and roles where users can have multiple different roles for different classes.

For example:

    User A
          -> Class 1 -> STUDENT_ROLE
          -> Class 2 -> ADMIN_ROLE

    User B
          -> Class 1 -> STUDENT_ROLE
          -> Class 2 -> STUDENT_ROLE

    User C
          -> Class 3 -> INSTRUCTOR_ROLE

  • Users will be added over time (application users)
  • _ROLEs are pre-defined
  • Classes will be added over time

I want to include all this information in the JWT token I received from Okta.

I couldn't find a good way of doing that yet. I was looking to utilize the user's profile attributes and define an attribute array as follows:

    UserA:> permissions : [ "class1:STUDENT", "class2:ADMIN" ]
    UserB:> permissions : [ "class1:STUDENT", "class2:ADMIN" ]
    UserC:> permissions : [ "class3:INSTRUCTOR" ]

If anyone thinks there is a better approach?

You should be able to either use a profile attribute or group membership to set up this claim, or even use an inline hook if the data would not be saved in Okta, depending on what is more convenient to implement in your environment.

1 Like
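
An added example, not part of the original posts and not Okta code: how an API receiving the token could enforce the proposed `permissions` array of `class:ROLE` strings per class. It assumes the token's signature, issuer, audience and expiry have already been validated and that `claims` is the decoded payload; the function names and sample payloads are hypothetical.

```python
from enum import Enum

class Role(Enum):  # the pre-defined roles from the post
    STUDENT = "STUDENT"
    INSTRUCTOR = "INSTRUCTOR"
    ADMIN = "ADMIN"

def parse_permissions(claims):
    """Map the 'permissions' claim to {class_id: {Role, ...}}.

    Raises ValueError on anything that is not a list of "class:ROLE" strings.
    """
    raw = claims.get("permissions", [])
    if not isinstance(raw, list):
        raise ValueError("permissions claim must be an array")
    grants = {}
    for entry in raw:
        if not isinstance(entry, str) or entry.count(":") != 1:
            raise ValueError(f"malformed entry: {entry!r}")
        class_id, role_name = entry.split(":")
        if not class_id or role_name not in Role.__members__:
            raise ValueError(f"unknown class or role: {entry!r}")
        grants.setdefault(class_id, set()).add(Role[role_name])
    return grants

def is_allowed(claims, class_id, required_roles):
    """True only if the user holds one of required_roles in this class."""
    try:
        grants = parse_permissions(claims)
    except ValueError:
        return False  # fail closed: a malformed claim grants nothing
    # Roles are scoped per class: ADMIN in class2 says nothing about class1.
    return bool(grants.get(class_id, set()) & set(required_roles))

# Constructed sample payloads mirroring the post's example users
USER_A = {"sub": "userA", "permissions": ["class1:STUDENT", "class2:ADMIN"]}
USER_C = {"sub": "userC", "permissions": ["class3:INSTRUCTOR"]}

if __name__ == "__main__":
    print(is_allowed(USER_A, "class2", {Role.ADMIN}))
    print(is_allowed(USER_A, "class1", {Role.ADMIN}))
    print(is_allowed(USER_C, "class3", {Role.INSTRUCTOR, Role.ADMIN}))
```

Because the grants are carried in the token, a role change in the user's profile only takes effect once a new token is issued.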
