Headless Integration of RBAC
While it is important to always have server-side authentication and authorization checks, Stytch's frontend SDKs offer:
Built-in RBAC protections for Stytch methods
Client side RBAC policy evaluations to minimize unnecessary, unauthorized requests to the server
Methods for viewing all permissions for the currently logged in user, to make it easy to conditionally render UI elements
Stytch Resource Authorization Checks
Stytch's frontend SDKs offer built-in RBAC protections for Stytch member and organization management methods, allowing you to make these requests directly from your public client instead of proxying through your server.
To enable this functionality, turn on "Member actions & permissions" in the FE SDKs section of the Stytch Dashboard.
You can then call methods like organization.update() or magicLinks.email.invite() directly from the client, and the frontend SDK will automatically include the logged in member's session in the request.
Stytch's backend will only authorize the request if the session is valid and the session Member has at least one Role that grants them permission to take that action.