Authentication and Authorization in routes.json

This document explains how to configure authentication and authorization for routes using the routes.json file.

Authentication

Authentication is configured using the auth field in the route definition.

Syntax

{
  "/path": {
    "auth": true | false | "optional"
  }
}

Options

  • true: The route requires authentication. Users must be logged in to access this route.
  • false: The route does not require authentication. It's publicly accessible.
  • "optional": Authentication is optional for this route. Both authenticated and unauthenticated users can access it.

Example

{
  "/login": {
    "auth": false
  },
  "/dashboard": {
    "auth": true
  },
  "/public-content": {
    "auth": "optional"
  }
}

Authorization

Authorization is configured using the authority and extraPermissions fields.

Authority

The authority field specifies the permissions required to access the route.

Syntax

{
  "/path": {
    "authority": ["permission1", "permission2"]
  }
}

Example

{
  "/o/:orgName/settings": {
    "authority": ["organization.settings.view"]
  }
}

Extra Permissions

The extraPermissions field specifies additional permissions that might be required for certain actions within the route.

Syntax

{
  "/path": {
    "extraPermissions": ["permission1", "permission2"]
  }
}

Example

{
  "/o/:orgName/settings": {
    "authority": ["organization.settings.view"],
    "extraPermissions": ["organization.settings.edit"]
  }
}

Automatic Wrapping

Based on the authentication and authorization configurations in routes.json, the application automatically applies the necessary wrappers to the components:

  1. If auth is set to true, an authentication wrapper is applied to ensure the user is logged in.
  2. If authority is specified, a permission wrapper is added to check the user's permissions.
  3. If extraPermissions are defined, additional permission checks may be implemented within the component.
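
An added example, not part of the original documentation or the project's code: a small Node.js audit of a parsed routes.json against the options documented above, including a reminder that extraPermissions (item 3) are not enforced by a wrapper. The finding codes, the sample routes (including organization.billing.view), and the review policy of requiring an explicit auth value and auth: true alongside authority are assumptions of this example.

```javascript
// Added example: audit a parsed routes.json against the documented options.
// Finding codes and the review policy are assumptions, not application behaviour.
const AUTH_VALUES = [true, false, "optional"];

function isStringList(v) {
  return Array.isArray(v) && v.length > 0 && v.every((p) => typeof p === "string" && p.length > 0);
}

function auditRoutes(routes) {
  const findings = [];
  const add = (path, code, detail) => findings.push({ path, code, detail });
  for (const [path, def] of Object.entries(routes)) {
    if (def === null || typeof def !== "object") {
      add(path, "DEF_INVALID", "route definition must be an object");
      continue;
    }
    if (!Object.prototype.hasOwnProperty.call(def, "auth")) {
      add(path, "AUTH_MISSING", "no explicit auth value; intent cannot be reviewed");
    } else if (!AUTH_VALUES.includes(def.auth)) {
      // Catches the string "true", 1, null and other values outside the documented options.
      add(path, "AUTH_INVALID", `auth must be true, false or "optional", got ${JSON.stringify(def.auth)}`);
    }
    for (const field of ["authority", "extraPermissions"]) {
      if (field in def && !isStringList(def[field])) {
        add(path, "PERMS_INVALID", `${field} must be a non-empty array of strings`);
      }
    }
    if ("authority" in def && def.auth !== true) {
      add(path, "AUTHORITY_WITHOUT_AUTH", "permission check declared on a route that does not require login");
    }
    if ("extraPermissions" in def) {
      add(path, "EXTRA_PERMS_MANUAL", "checked inside the component, not by a wrapper; confirm the check exists");
    }
  }
  return findings;
}

// Constructed sample input (not taken from a real project).
const sampleRoutes = {
  "/login": { auth: false },
  "/dashboard": { auth: true },
  "/o/:orgName/settings": { auth: true, authority: ["organization.settings.view"], extraPermissions: ["organization.settings.edit"] },
  "/o/:orgName/billing": { auth: "optional", authority: ["organization.billing.view"] },
  "/reports": { auth: "true" },
  "/admin": { authority: "admin" },
};

for (const f of auditRoutes(sampleRoutes)) console.log(`${f.code}\t${f.path}\t${f.detail}`);
```

Run it in CI on the output of JSON.parse over the real file and fail the build on any finding other than EXTRA_PERMS_MANUAL, which is a prompt for manual review.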