This article was published January 31, 2019 (three years ago.) Much will have changed since then.
Hey there, @NikShafiq
Thanks for bringing this to our attention. I have surfaced your feedback to the team that owns our blog to see if we can change the outdated post.
In the interim, are there additional questions we can answer for you at this time?
Thanks for that, Hillary. Updating the docs would give much more clarification on what is available on the plans.
Just to clarify, RBAC and Role Based Redirects are available on all plans, but the use of 3rd party Authentication is for the Business plan only. Does this also mean that the use of GoTrue directly is not considered 3rd party, as the Identity Widget is built on top of it?
GoTrue is a first-party library (it’s owned by Netlify) and the same is the case with the Identity Widget. Using that is supported on all plans.
Hi,
I am really struggling to get role based redirects to work. I created my own login form with GoTrue. Login works perfectly fine and it returns the correct roles in the user's meta. I only noticed that the role value is empty. However, even though the conditions are set up to allow the admin to visit the route, it keeps redirecting to the 404 page. I even switched over to the Business plan, and I still cannot get it to work. The user's roles metadata has no effect whatsoever.
[[redirects]]
from = "/"
to = "/account/login"
status = 200
[[redirects]]
from = "/*"
to = "/404.html"
status = 404
conditions = {Role = ["admin"]}
[[redirects]]
from = "/*"
status = 200
force = true
conditions = {Role = ["admin"]}
[[redirects]]
from = "/*"
to = "/account/login"
status = 401
force = true
Login script
if (!this.auth) {
  console.log('No Auth found')
  return;
} else {
  event.preventDefault();
  this.loading = true;
  this.auth
    .login(this.inputElements[0].value, this.inputElements[1].value, true)
    .then(response => {
      this.loading = false;
      const userName = response.user_metadata.full_name;
      this.showMessage(
        `<p>Log in successful! </p><p>Welcome back ${userName}</p>`, true
      );
      this.$dispatch('logged');
    })
    .catch(error => {
      this.loading = false;
      this.showMessage(`Failed to log in :( <p>${error.json.error_description}</p>`, false, true)
    });
}
Hi @nolafs
Rules are processed top to bottom. The likely issue here (I suspect) is the 404 rule catching everything first and the 200 rule never triggering. Try changing the rule order.
Thanks,
I checked it by simplifying the redirects.
[[redirects]]
from = "/clients/*"
to = "/account/login"
status = 401
force = true
[[redirects]]
from = "/clients/*"
status = 200
force = true
conditions = {Role = ["admin"]}
Still, a user with the correct role, admin, hitting the /clients/* route still gets redirected to the account/login page. Perhaps using the GoTrue login is not correct. I really have no idea. I am getting the same behaviour using the _redirects file. It seems GoTrue metadata is completely ignored.
You need to put the 200 rule first, the 401 second. This allows anyone authorised through, anyone who is not will then get redirected to the login page.
For example, here is the _redirects file from a test site I have:
# Always allow login
/login /login 200
# Always allow unauthorised
/unauthorised /unauthorised 200
# Staff-only pages
/staff/* 200! Role=staff
/staff/* /unauthorised 401!
# All other pages
/* 200! Role=basic-user
/* /login 401!
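The ordering point from this thread, as an added example that is not part of any post and is not Netlify's code: a simplified first-match model (rules read top to bottom, a Role condition must be met for a rule to apply) plus a lint check for role-gated rules that an earlier unconditional rule makes unreachable. The function names and the fallback when no rule matches are assumptions.

```javascript
// Added example: simplified model of top-to-bottom rule processing, not Netlify's code.
// Parses only the _redirects subset used in this thread: from [to] status[!] [Role=a,b]
function parseRules(text) {
  return text.split("\n")
    .map((l) => l.trim())
    .filter((l) => l && !l.startsWith("#"))
    .map((line) => {
      const parts = line.split(/\s+/);
      const rule = { from: parts[0], to: null, status: null, roles: null, line };
      for (const p of parts.slice(1)) {
        if (/^\d{3}!?$/.test(p)) rule.status = parseInt(p, 10);
        else if (p.startsWith("Role=")) rule.roles = p.slice(5).split(",");
        else rule.to = p;
      }
      return rule;
    });
}

// "/staff/*" matches "/staff" and everything under it; other patterns match exactly.
function pathMatches(pattern, path) {
  if (!pattern.endsWith("/*")) return pattern === path;
  const base = pattern.slice(0, -2);
  return path === base || path.startsWith(base + "/");
}

// The first rule whose path matches and whose Role condition (if any) is met wins.
function resolve(rules, path, userRoles = []) {
  for (const r of rules) {
    const roleOk = !r.roles || r.roles.some((x) => userRoles.includes(x));
    if (pathMatches(r.from, path) && roleOk) return { status: r.status, to: r.to || path };
  }
  return { status: 200, to: path }; // assumption: with no matching rule the path is served as-is
}

// Lint: a role-gated rule is unreachable if an earlier unconditional rule covers its pattern.
function shadowedRules(rules) {
  return rules.filter((r, i) => r.roles && rules.slice(0, i)
    .some((e) => !e.roles && pathMatches(e.from, r.from.replace(/\/\*$/, ""))));
}

// Constructed inputs: the ordering from the question, then the corrected ordering.
const broken = parseRules("/clients/* /account/login 401!\n/clients/* 200! Role=admin");
const fixed = parseRules("/clients/* 200! Role=admin\n/clients/* /account/login 401!");

console.log("broken, admin:", resolve(broken, "/clients/a", ["admin"]));
console.log("fixed, admin: ", resolve(fixed, "/clients/a", ["admin"]));
console.log("fixed, anon:  ", resolve(fixed, "/clients/a", []));
console.log("unreachable rules:", shadowedRules(broken).map((r) => r.line));
```

Running `shadowedRules` over a `_redirects` file before deploying catches the ordering mistake without needing a logged-in test user.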
Thanks, I found the issue with my login. The API root has an error. It was pointing to the wrong endpoint. A mix-up with a previous project. Sorry for wasting all of your time.