h6. What
To provide client-side access control in the mobile app, we first need to know the user's roles. During the OpenID Connect authentication flow, an access token is made available to the application. An array of roles for the user can be retrieved from the access token, which is just a JWT.

h6. Why
* To provide access control on the client side.

h6. How
The access token can be retrieved easily from the AppAuth AuthState class. This needs to be decoded from base64, and then the user roles will be available in a JSON array.
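The decode step described under "How", as an added example that is not code from this ticket or from AppAuth: it takes the access token string the app has already read from AuthState, decodes the JWT payload segment, and returns the roles array, returning an empty list for malformed input. The claim path {{realm_access.roles}}, the function names and the sample token are assumptions made for illustration; use the path your identity provider actually issues.

```javascript
// Added example. Decoding does not verify the token signature, so the result
// is only suitable for showing or hiding UI; the backend must enforce roles.

function base64UrlDecode(segment) {
  // JWT segments are base64url without padding; convert to standard base64.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

// claimPath is an assumed default, not something stated in the ticket.
function rolesFromAccessToken(token, claimPath = "realm_access.roles") {
  if (typeof token !== "string") return [];
  const parts = token.split(".");
  if (parts.length !== 3) return []; // not a compact JWT
  let node;
  try {
    node = JSON.parse(base64UrlDecode(parts[1]));
  } catch (e) {
    return []; // payload is not valid JSON: treat as "no roles"
  }
  // Walk the dotted claim path; any missing step means no roles.
  for (const key of claimPath.split(".")) {
    if (node === null || typeof node !== "object") return [];
    if (!Object.prototype.hasOwnProperty.call(node, key)) return [];
    node = node[key];
  }
  return Array.isArray(node) ? node.filter((r) => typeof r === "string") : [];
}

function hasRole(token, role, claimPath) {
  return rolesFromAccessToken(token, claimPath).includes(role);
}

// Constructed sample token (fake signature), only to make the example runnable.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

const sampleToken = makeSampleToken({
  sub: "user-1",
  realm_access: { roles: ["admin", "mobile-user"] },
});
console.log(rolesFromAccessToken(sampleToken));
```

{{Buffer}} is used so the example runs under Node.js; inside the app, substitute the platform's own base64 decoder.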