import { StytchB2BClient } from '@stytch/vanilla-js/b2b';

const stytch = new StytchB2BClient('public-token-test-b8c84de4-7d58-4ffc-9341-432b56596862');

// Check authorization asynchronously
stytch.rbac
  .isAuthorized('documents', 'edit')
  .then((isAuthorized) => {
    if (isAuthorized) {
      console.log('User is authorized to edit documents');
      // Show edit button
    } else {
      console.log('User is not authorized to edit documents');
      // Hide edit button or show message
    }
  })
  .catch((error) => {
    console.error('Error:', error);
  });
rbac.isAuthorized is an asynchronous method that returns an authorization verdict on a resource-action pair (that is, whether the logged-in Member is authorized to perform the specified action on the specified resource). Given a resource and action, this method returns a promise that resolves to a boolean: true if the Member can perform the action on the resource, false otherwise. If the Member is not logged in, this method will always return false. If the resource or action provided is not valid for the configured RBAC policy, this method will return false.
As a best practice, authorization checks for sensitive actions should also occur on the backend.

Parameters

resource_id
string
required
The human-readable ID of the resource to check authorization for.
action
string
required
The action to take on the specified resource.

Response

authorized
Promise<boolean>
required
true if the Member is authorized to perform the specified action on the specified resource, false otherwise. Will resolve to false if the RBAC policy has not been loaded or if the resource or action provided are not valid for the configured RBAC policy.
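The sample at the top of the page only logs a rejected promise, so the caller still has to decide what the UI does when the check fails. The following is an added example, not Stytch's own code: a fail-closed wrapper for UI gating in which a rejection, a timeout, or a non-boolean result all count as deny. The helper names (`canPerform`, `resolvePermissions`, `makeStubClient`) and the timeout value are assumptions; the only SDK call assumed is `rbac.isAuthorized(resource, action)` as shown on this page.

```javascript
// Added example: fail-closed wrapper around rbac.isAuthorized for UI gating.
// `client` is any object exposing rbac.isAuthorized(resource, action) -> Promise<boolean>,
// as StytchB2BClient does on this page. Helper names are hypothetical.
const DENY = false;

// Resolve one check; any rejection, timeout, or non-boolean result is treated as deny.
async function canPerform(client, resourceId, action, timeoutMs = 2000) {
  let timer;
  const timeout = new Promise((resolve) => {
    timer = setTimeout(() => resolve(DENY), timeoutMs);
  });
  try {
    const verdict = await Promise.race([
      client.rbac.isAuthorized(resourceId, action),
      timeout,
    ]);
    return verdict === true; // strict: truthy non-boolean values do not grant access
  } catch (err) {
    return DENY; // SDK or network error: hide the control rather than show it
  } finally {
    clearTimeout(timer);
  }
}

// Resolve several resource/action pairs at once, keyed as "resource:action".
async function resolvePermissions(client, pairs, timeoutMs = 2000) {
  const entries = await Promise.all(
    pairs.map(async ([resourceId, action]) => [
      `${resourceId}:${action}`,
      await canPerform(client, resourceId, action, timeoutMs),
    ])
  );
  return Object.fromEntries(entries);
}

// Constructed stand-in for the SDK client so the example runs offline.
function makeStubClient(policy) {
  return {
    rbac: {
      isAuthorized(resourceId, action) {
        const rule = policy[`${resourceId}:${action}`];
        if (rule === 'error') return Promise.reject(new Error('policy fetch failed'));
        if (rule === 'hang') return new Promise(() => {}); // never settles
        return Promise.resolve(rule === true); // unknown pairs resolve false, as the page describes
      },
    },
  };
}
```

The resulting map only decides which controls to render; the backend still has to check each sensitive action itself.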