Role based redirects from login to home

This article was published January 31, 2019 (three years ago.) Much will have changed since then.


Hey there, @NikShafiq :wave:

Thanks for bringing this to our attention. I have surfaced your feedback to the team that owns our blog to see if we can change the outdated post.

In the interim, are there additional questions we can answer for you at this time?

Thanks for that Hillary, updating the docs would give much more clarification on what is available on the plans.

Just to clarify, RBAC and Role Based Redirects are available on all plans, but the use of 3rd party Authentication is for Business plan only. Does this also mean that the use of GoTrue directly is not considered 3rd party as the Identity Widget is built on top of it?

GoTrue is a first-party library (it’s owned by Netlify) and same is the case with the Identity Widget. Using that is supported on all plans.

Hi,

I am really struggling to get role based redirects to work. I created my own login form with GoTrue. Login works perfectly fine and it returns the correct Roles in the user's meta. I only noticed that the role value is empty. However, even though the conditions are set up to allow the admin to visit the route, it keeps redirecting to the 404 page. I even switched over to the Business plan, and still I cannot get it to work. The user's roles metadata has no effect whatsoever.

[[redirects]]
    from = "/"
    to = "/account/login"
    status = 200

[[redirects]]
    from = "/*"
    to = "/404.html"
    status = 404
    conditions = {Role = ["admin"]}

[[redirects]]
    from = "/*"
    status = 200
    force = true
    conditions = {Role = ["admin"]}

[[redirects]]
    from = "/*"
    to = "/account/login"
    status = 401
    force = true

Login script

if (!this.auth) {
    console.log('No Auth found')
    return;
} else {
    event.preventDefault();
    this.loading = true;
    this.auth
        .login(this.inputElements[0].value, this.inputElements[1].value, true)
        .then(response => {
            this.loading = false;
            const userName = response.user_metadata.full_name;
            this.showMessage(
                `<p>Log in successful! </p><p>Welcome back ${userName}</p>`, true
            );
            this.$dispatch('logged');
        })
        .catch(error => {
            this.loading = false;
            this.showMessage(`Failed to log in :( <p>${error.json.error_description}</p>`, false, true)
        });
}

Hi @nolafs

Rules are processed top to bottom. The likely issue here (I suspect) is the 404 rule catching everything first and the 200 rule never triggering. Try changing the rule order.

Thanks,

I checked it by simplifying the redirects.

[[redirects]]
    from = "/clients/*"
    to = "/account/login"
    status = 401
    force = true

[[redirects]]
    from = "/clients/*"
    status = 200
    force = true
    conditions = {Role = ["admin"]}

Still, a user with the correct roles, admin, hitting the /clients/* route still gets redirected to the account/login page. Perhaps using GoTrue login is not correct. I really have no idea. I am getting the same behaviour using the _redirects file. It seems GoTrue metadata is completely ignored.

You need to put the 200 rule first, the 401 second. This allows anyone authorised through, anyone who is not will then get redirected to the login page.

For example, here is the _redirects file from a test site I have

# Always allow login
/login        /login    200

# Always allow unauthorised
/unauthorised    /unauthorised    200

# Staff-only pages
/staff/*    200!   Role=staff
/staff/*    /unauthorised    401!

# All other pages
/*    200!   Role=basic-user
/*    /login    401!
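
The ordering point made in the replies above, as an added example (not code from the thread and not Netlify's implementation): a simplified first-match model of `_redirects` evaluation, run against both orderings of the `/clients/*` rules. The function names and the `/clients/report` path are assumptions made for illustration.

```javascript
// Simplified model of first-match rule evaluation (not Netlify's implementation).
// Handles only the "_redirects" line shape used in this thread:
//   from [to] status[!] [Role=a,b]
function parseRules(text) {
  return text.split("\n")
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .map((line) => {
      const [from, ...rest] = line.split(/\s+/);
      const rule = { from, to: null, status: 301, roles: null };
      for (const tok of rest) {
        if (/^\d{3}!?$/.test(tok)) rule.status = parseInt(tok, 10);
        else if (tok.startsWith("Role=")) rule.roles = tok.slice(5).split(",");
        else rule.to = tok;
      }
      return rule;
    });
}

function pathMatches(pattern, path) {
  if (!pattern.endsWith("/*")) return pattern === path;
  const base = pattern.slice(0, -2);
  return path === base || path.startsWith(base + "/");
}

// The first rule whose path matches and whose Role condition (if any) is met wins.
function evaluate(rules, path, userRoles) {
  for (const rule of rules) {
    if (!pathMatches(rule.from, path)) continue;
    if (rule.roles && !rule.roles.some((r) => userRoles.includes(r))) continue;
    return { status: rule.status, to: rule.to ?? path };
  }
  return { status: 200, to: path }; // nothing matched: serve the path as-is
}

// Constructed rule sets: the two orderings of the /clients/* rules from the thread.
const LOGIN_FIRST = `
/clients/*  /account/login  401!
/clients/*  200!  Role=admin`;
const ROLE_FIRST = `
/clients/*  200!  Role=admin
/clients/*  /account/login  401!`;

for (const [name, text] of [["401 first", LOGIN_FIRST], ["role first", ROLE_FIRST]]) {
  for (const roles of [["admin"], []]) {
    const r = evaluate(parseRules(text), "/clients/report", roles);
    console.log(`${name} roles=[${roles}] -> ${r.status} ${r.to}`);
  }
}
```

In this model an empty role list falls through to the 401 rule in either ordering, so a correctly ordered file still sends a user to the login page when no roles reach the rule check.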

Thanks, I found the issue with my login. The API root has an error. Pointing to the wrong endpoint. A mix-up with a previous project. Sorry for wasting all of your time.


Thanks for coming back and letting us know @nolafs. Glad everything is working now!