Auth0订阅计划app_metadata
[英]Auth0 subscription plan app_metadata
问题描述
I'm developing a quiz app which requires authorization for only-subscribed members can see. 
我正在开发一个测验应用程序,该应用程序要求只有订阅成员才能看到的授权。
How to do that? 怎么做? I'm thinking of putting metadata (is_subscribed) to true for subscribed member and give the scope so he/she can gain permissions. 我正在考虑将已订阅成员的元数据(is_subscribed)设置为true,并提供范围,以便他/她可以获取权限。
But, I don't know how to do it. 但是,我不知道该怎么做。 Please help. 请帮忙。 The docs is so confusing 该文档是如此令人困惑
1 个解决方案
解决方案1
0 已采纳 2018-02-05 11:03:42
There are two separate concerns here. 这里有两个单独的问题。
Where to keep the subscription information.
在哪里保留订阅信息。 app_metadatais fine, or you might choose to do so in a backend database (application specific).app_metadata很好,或者您可以选择在后端数据库(特定于应用程序)中这样做。 A client application will probably handle subscriptions and be in charge of updating that value.客户端应用程序可能会处理订阅,并负责更新该值。 If you store the value in app_metadata, you will use Management API v2 to alter the user profile from the application that handles subscriptions.如果将值存储在app_metadata,则将使用Management API v2更改来自处理订阅的应用程序中的用户配置文件。Add an authorization scope based on the subscription status.
根据订阅状态添加授权范围。 In this case, you would use a rule to add a custom scope based on the value of the is_subscribedfield.在这种情况下,您将使用规则基于is_subscribed字段的值添加自定义范围 。 Ie:即:
function(user, context, callback) {
if (user.app_metadata && user.app_metadata.is_subscribed) {
context.accessToken.scope = ['read:quiz'];
} else {
// remove the ability to read a quiz if not subscribed.
context.accessToken.scope = [];
}
callback(null, user, context);
}
If you decided to store the subscription information in a backend database instead of in the app_metadata , you would simply access the database from the rule in the above code. 如果您决定将订阅信息存储在后端数据库中而不是在app_metadata ,则只需从上述代码中的规则访问数据库即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.