Adding RBAC to a backend ASP.NET API secured by @clerk.com is very straightforward!
Just three simple steps:
1. Add `"role": "{{user.public_metadata.role}}"` to your custom session token
Comments
(Assuming you already have JWT Bearer Auth configured)
And voilà, free 403s for all non-admins!
Clerk produces `null` for undefined metadata, so users without a defined public_metadata.role still work gracefully.
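
One way the API side of this could look, as an added example that is not code from the original post or from Clerk: a minimal `Program.cs` that maps the `role` claim from step 1 to ASP.NET Core roles and restricts an endpoint to `admin`. The issuer URL is a placeholder, and the policy name, the routes and the absence of an `aud` claim are assumptions.

```csharp
// Added example (not from the post): minimal ASP.NET Core API, .NET 8.
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Placeholder: replace with your Clerk instance's issuer URL.
        options.Authority = "https://YOUR-CLERK-INSTANCE.example";
        // Keep claim names as issued, so "role" is not renamed on the way in.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateLifetime = true,
            // Assumption: the session token has no "aud" claim.
            // Turn audience validation on if yours carries one.
            ValidateAudience = false,
            // Tell the authorization layer which claim holds the role.
            RoleClaimType = "role",
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Hypothetical policy name; "admin" is the value stored in public_metadata.role.
    options.AddPolicy("AdminOnly", policy => policy.RequireRole("admin"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Any authenticated user: echoes the role claim as the API sees it.
app.MapGet("/me", (ClaimsPrincipal user) =>
        Results.Ok(new { role = user.FindFirst("role")?.Value }))
   .RequireAuthorization();

// Admins only: a valid token without role "admin" gets 403, no token gets 401.
app.MapGet("/admin/report", () => Results.Ok("admin only"))
   .RequireAuthorization("AdminOnly");

app.Run();
```

Calling `/me` with a token from a user who has no role set is a quick check that the claim arrives as expected before relying on the `AdminOnly` policy.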