Replies: 1 comment
-
I believe this issue does not make sense because the role should be defined by your system, and the user shouldn't have the ability to change their role. In your application, you can set the user's role based on certain characteristics you define. For example, when you log in with a Google provider, you receive data from Google and can extract the provided role, but you can't change this information on Google's side. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
What is the improvement or update you wish to see?
The documentation page for Role Based Access Control says that the logic for determining the user roles is their responsibility.
The logic should be provided.
Then the use can modify the logic depending upon their requirements.
Is there any context that might help us understand?
We can modify the current RBA Control Guide to determine the user role
OR
A new guide should be introduced to determine the user role.
Does the docs page already exist? Please link to it.
https://authjs.dev/guides/role-based-access-control
Beta Was this translation helpful? Give feedback.
All reactions