How to handle a complex user permission structure

sajhak · January 28, 2021, 12:05pm

My application has users, classes and roles where users can have multiple different roles for different classes.

For eg:

     User A 
          -> Class 1 ->  STUDENT_ROLE
          -> Class 2 ->   ADMIN_ROLE

     User B 
          -> Class 1 ->  STUDENT_ROLE
          -> Class 2 ->  STUDENT_ROLE

    User C
          -> Class 3 ->  INSTRUCTOR_ROLE

Users will be added over time (application users)
_ROLE s are pre-defined
Classes will be added over time

I want to include all these information in the JWT token i received from Okta.

I couldn’t find a good way of doing that yet, I was looking to utilize user’s profile attributes and define a an attribute array as follows

UserA:> permissions : [ “class1:STUDENT”, “class2:ADMIN” ]
UserB:> permissions : [ “class1:STUDENT”, “class2:ADMIN” ]
UserC:> permissions : [ “class3:INSTRUCTOR” ]

If anyone thinks there is a better approach?

Fuzzard · January 28, 2021, 7:36pm

you should be able to either use a profile attribute or group membership to set up this claim or even use a inline hook if the data would not be saved in Okta, depending on what is more convenient to implement in your environment

system · February 3, 2021, 6:51am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Best approach to dealing with app user permissions OAuth/OIDC	2	1191	February 12, 2024
How to make an app with multiple permission levels? Questions	27	4768	February 8, 2024
RBAC Authorization For Different Roles Per Application OAuth/OIDC	1	2095	November 15, 2023
Minimum permission for a user needing to fetch user profiles API	3	4959	December 11, 2017
Attribute-based Access Control via claims Questions	8	4392	January 25, 2024

How to handle a complex user permission structure

Related topics