[C4GT Community]: Auth0 Integration and allow Event data edit button to admin users only #133

@Durgesh4993

Ticket Contents

Description

This issue aims to integrate Auth0 authentication into the website and implement role-based access control to ensure that only admin users can edit event data. By leveraging Auth0, we will enhance security and streamline user authentication while preventing unauthorized access to event modifications.

Implementation Details

  • Integrate Auth0 authentication to manage user login/logout.
  • Set up role-based access control (RBAC) in Auth0 to define user roles (e.g., admin, user).
  • Ensure that only users with the admin role can access and modify event data.
  • Restrict the "Edit Event Data" button visibility based on user roles.
  • Implement backend verification to enforce access control at the API level.

Goals

  • Integrate Auth0 authentication into the website.
  • Implement role-based access control (RBAC) in Auth0.
  • Restrict the "Edit Event Data" button to admin users.
  • Secure backend API endpoints to validate admin access.
  • Ensure proper error handling for unauthorized access attempts.

Expected Outcome

  • Only authenticated users can access the platform.
  • Admin users can view and edit event data.
  • Regular users cannot see or access the edit functionality.
  • Unauthorized API requests to modify event data are blocked.
  • Secure and scalable authentication system using Auth0.

Acceptance Criteria

  • Users must be authenticated via Auth0 to access the platform.
  • Admin users must have the ability to edit event data.
  • Regular users should not see the "Edit Event Data" button.
  • Unauthorized API requests to modify event data must be rejected.
  • Role-based access control (RBAC) must be properly configured in Auth0.
  • Secure storage and transmission of authentication credentials must be ensured.
  • Proper error messages should be displayed for unauthorized access attempts.

Implementation Details

  • Use Auth0 for authentication and authorization.
  • Implement role-based access control (RBAC) to distinguish between admin and user roles.
  • Store authentication tokens securely using HTTP-only cookies or local storage.
  • Restrict UI elements based on user roles using React (or relevant frontend framework) state management.
  • Validate user roles in the backend API using middleware.
  • Use JWT (JSON Web Tokens) for secure communication between frontend and backend.
  • Ensure backend security using Express.js (or relevant backend framework) with middleware verification.
  • Implement API security using OAuth 2.0 and Auth0 SDKs.
  • Log authentication and access events for monitoring and debugging.

Mockups/Wireframes

No response

Product Name

New Website (Auth0 Integration and allow Event data edit button to admin users only)

Organisation Name

DevRhylme Foundation

Domain

Web

Tech Skills Needed

Auth0, React.js, Node.js & Express.js, JWT [JSON Web Tokens]

Organizational Mentor

@MAVRICK-1 | @Durgesh4993

Angel Mentor

No response

Complexity

High

Category

Authentication & Authorization
