Headless Integration of RBAC

While it is important to always have server-side authentication and authorization checks, Stytch's frontend SDKs offer:

  • Built-in RBAC protections for Stytch methods

  • Client-side RBAC policy evaluations to minimize unnecessary, unauthorized requests to the server

  • Methods for viewing all permissions for the currently logged-in user, to make it easy to conditionally render UI elements

Stytch Resource Authorization Checks

Stytch's frontend SDKs offer built-in RBAC protections for Stytch member and organization management methods, allowing you to make these requests directly from your public client instead of proxying through your server.

To enable this functionality, turn on "Member actions & permissions" in the FE SDKs section of the Stytch Dashboard.

[Screenshot: Enable RBAC member actions and permissions for FE SDKs]

You can then call methods like organization.update() or magicLinks.email.invite() directly from the client, and the frontend SDK will automatically include the logged-in member's session in the request.

Stytch's backend will only authorize the request if the session is valid and the session Member has at least one Role that grants them permission to take that action.
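The following is an added example, not code from Stytch's SDK or docs, that models the three behaviours described above: a client-side policy evaluation that mirrors the backend rule ("at least one Role grants permission for that resource and action"), an all-permissions view for conditional rendering, and a guard that skips an SDK call the server would reject anyway. The policy shape (roles mapping to `resource_id` plus `actions`, with `"*"` as a wildcard), the function names `isAuthorized`, `allPermissions` and `guardedRequest`, and the role and resource names are constructed for illustration and are not Stytch identifiers. The server-side check stays authoritative; the client check only avoids a round trip and drives the UI.

```javascript
// Constructed sample RBAC policy (not a real Stytch policy): each role grants
// a list of permissions; a permission names a resource and the actions allowed
// on it. "*" stands for every action on that resource.
const SAMPLE_POLICY = {
  roles: {
    member: [{ resource_id: "self", actions: ["update"] }],
    org_admin: [
      { resource_id: "organization", actions: ["*"] },
      { resource_id: "member", actions: ["invite", "update", "delete"] },
    ],
    billing_viewer: [{ resource_id: "billing", actions: ["read"] }],
  },
};

// True when at least one of the member's roles grants `action` on
// `resourceId`. Unknown roles grant nothing (fail closed).
function isAuthorized(policy, memberRoles, resourceId, action) {
  return memberRoles.some((role) =>
    (policy.roles[role] ?? []).some(
      (perm) =>
        perm.resource_id === resourceId &&
        (perm.actions.includes("*") || perm.actions.includes(action))
    )
  );
}

// Merge every permission the member's roles grant into one map of
// resource_id -> sorted list of actions, collapsing to ["*"] when any role
// grants the wildcard. This is the view a UI uses to decide what to render.
function allPermissions(policy, memberRoles) {
  const merged = {};
  for (const role of memberRoles) {
    for (const perm of policy.roles[role] ?? []) {
      const actions = merged[perm.resource_id] ?? new Set();
      perm.actions.forEach((a) => actions.add(a));
      merged[perm.resource_id] = actions;
    }
  }
  return Object.fromEntries(
    Object.entries(merged).map(([resource, set]) => [
      resource,
      set.has("*") ? ["*"] : [...set].sort(),
    ])
  );
}

// Gate an SDK call behind the client-side evaluation. `sendRequest` is the
// function that would perform the real call (e.g. the SDK's organization
// update); here it is whatever the caller passes in. The backend still
// re-checks the session's roles, so this only saves a doomed request.
function guardedRequest(policy, memberRoles, resourceId, action, sendRequest) {
  if (!isAuthorized(policy, memberRoles, resourceId, action)) {
    return { sent: false, reason: `missing permission ${resourceId}:${action}` };
  }
  return { sent: true, response: sendRequest() };
}

// Small demo with a stand-in for the network call.
let requestsSent = 0;
const fakeUpdate = () => {
  requestsSent += 1;
  return { status: "ok" };
};
console.log(guardedRequest(SAMPLE_POLICY, ["member"], "organization", "update", fakeUpdate));
console.log(guardedRequest(SAMPLE_POLICY, ["org_admin"], "organization", "update", fakeUpdate));
console.log(allPermissions(SAMPLE_POLICY, ["member", "billing_viewer"]));
console.log("requests actually sent:", requestsSent); // 1: the member's call never left the client
```

In a real integration the `memberRoles` input would come from the current session rather than a literal, and `sendRequest` would wrap the SDK method; the evaluation logic itself is intentionally the same rule the text attributes to the backend, so a mismatch between the two only ever costs a rejected request, never grants access.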