isAuthorized

The SDK provides two methods for getting an authorization verdict on a Resource-action pair (that is, whether the logged-in Member is authorized to perform the specified action on the specified Resource).

The isAuthorizedSync method will use locally-cached instances of the Member and the configured RBAC policy. If the RBAC policy has not been loaded, this method will always return false. The SWR caching strategy is detailed here.

The isAuthorized method determines whether the logged-in member is allowed to perform the specified action on the specified resource. It will return a Promise that resolves after the RBAC policy has been loaded. Returns true if the member can perform the action, false otherwise.

If the member is not logged in, this method will always return false. If the resource or action provided is not valid for the configured RBAC policy, this method will also return false.

As a best practice, authorization checks for sensitive actions should also occur on the backend.

import { useStytchB2BClient } from '@stytch/react-native/b2b';
import React from 'react';
import { Text, TouchableOpacity, View } from 'react-native';

export const EditDocuments = () => {
  const stytch = useStytchB2BClient();
  const isAuthorized = stytch.rbac.isAuthorizedSync('documents', 'edit');

  const editDocument = () => {
    //...
  };

  return (
    <View>
      <TouchableOpacity disabled={!isAuthorized} onPress={editDocument}>
        <Text>Edit</Text>
      </TouchableOpacity>
    </View>
  );
};

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "is_authorized": true
}
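
The two methods described above can be combined so that a control starts from the cached verdict (false until the RBAC policy is loaded), updates once isAuthorized resolves, and fails closed on any error. This is an added example, not code from the SDK or its documentation; `authorizationVerdict`, `makeStubRbac` and `demo` are hypothetical names, and the stub is a constructed stand-in for `stytch.rbac`.

```javascript
// Added example. `rbac` is any object shaped like `stytch.rbac`, exposing the
// two methods described on this page. authorizationVerdict and makeStubRbac are
// hypothetical names, not SDK functions.
async function authorizationVerdict(rbac, resource, action, onChange = () => {}) {
  // Cached verdict first: false while the RBAC policy has not been loaded.
  let verdict = rbac.isAuthorizedSync(resource, action) === true;
  onChange(verdict);
  try {
    // Resolves only after the RBAC policy has been loaded.
    const fresh = (await rbac.isAuthorized(resource, action)) === true;
    if (fresh !== verdict) {
      verdict = fresh;
      onChange(verdict);
    }
  } catch (err) {
    // Fail closed: no verdict means the action stays disabled.
    if (verdict) onChange(false);
    verdict = false;
  }
  return verdict;
}

// Constructed stand-in for stytch.rbac so the example runs offline.
function makeStubRbac(policy, { fail = false } = {}) {
  let loaded = false;
  const allowed = (r, a) => Boolean(policy[r] && policy[r].includes(a));
  return {
    isAuthorizedSync: (r, a) => loaded && allowed(r, a),
    isAuthorized: (r, a) =>
      Promise.resolve().then(() => {
        if (fail) throw new Error('policy load failed');
        loaded = true;
        return allowed(r, a);
      }),
  };
}

// Returns the final verdict and every value the UI would have been given.
async function demo(policy, resource, action, options) {
  const seen = [];
  const rbac = makeStubRbac(policy, options);
  const verdict = await authorizationVerdict(rbac, resource, action, (v) => seen.push(v));
  return { verdict, seen };
}
```

In a component, pass a state setter as `onChange` and bind the control's `disabled` prop to the negated state. The verdict only gates the UI; the backend still has to authorize the request itself.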