[英]Auth0 subscription plan app_metadata
I'm developing a quiz app which requires authorization for only-subscribed members can see. 我正在开发一个测验应用程序,该应用程序要求只有订阅成员才能看到的授权。
How to do that? 怎么做? I'm thinking of putting metadata (is_subscribed) to true for subscribed member and give the scope so he/she can gain permissions.
我正在考虑将已订阅成员的元数据(is_subscribed)设置为true,并提供范围,以便他/她可以获取权限。
But, I don't know how to do it. 但是,我不知道该怎么做。 Please help.
请帮忙。 The docs is so confusing
该文档是如此令人困惑
There are two separate concerns here. 这里有两个单独的问题。
Where to keep the subscription information. 在哪里保留订阅信息。
app_metadata
is fine, or you might choose to do so in a backend database (application specific). app_metadata
很好,或者您可以选择在后端数据库(特定于应用程序)中这样做。 A client application will probably handle subscriptions and be in charge of updating that value. 客户端应用程序可能会处理订阅,并负责更新该值。 If you store the value in
app_metadata
, you will use Management API v2 to alter the user profile from the application that handles subscriptions. 如果将值存储在
app_metadata
,则将使用Management API v2更改来自处理订阅的应用程序中的用户配置文件。
Add an authorization scope based on the subscription status. 根据订阅状态添加授权范围。 In this case, you would use a rule to add a custom scope based on the value of the
is_subscribed
field. 在这种情况下,您将使用规则基于
is_subscribed
字段的值添加自定义范围 。 Ie: 即:
function(user, context, callback) { if (user.app_metadata && user.app_metadata.is_subscribed) { context.accessToken.scope = ['read:quiz']; } else { // remove the ability to read a quiz if not subscribed. context.accessToken.scope = []; } callback(null, user, context); }
If you decided to store the subscription information in a backend database instead of in the app_metadata
, you would simply access the database from the rule in the above code. 如果您决定将订阅信息存储在后端数据库中而不是在
app_metadata
,则只需从上述代码中的规则访问数据库即可。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.