/
Contact usSee pricingStart building
    Overview
    iOS SDK reference
    Android SDK reference

    React Native SDK reference

    Installation
    Changelog
    Configuration
    Pre-built UI
      UI Configuration
    Users
      Get user
      Update user
      Delete authentication factors
    RBAC
      Is Authorized
      Permissions
    Email Magic Links
      Send
      Login or create
      Authenticate
    OAuth
      Start
      Authenticate
    Passwords
      Create
      Authenticate
      Reset by Email Start
      Reset by Email
      Strength Check
    One-time Passcodes (OTP)
      Login or create via SMS
      Send via SMS
      Login or create via Email
      Send via Email
      Login or create via WhatsApp
      Send via WhatsApp
      Authenticate
    Time-Based One-Time Passcodes (TOTP)
      Create
      Authenticate
      Get Recovery Codes
      Recover
    Session Management
      Get Session
      Authenticate Session
      Revoke Session
      Update Session
      Get Tokens
    Passkeys & WebAuthn
      Register
      Authenticate
      Update
    Biometrics
      Introduction
      Register
      Authenticate
      Keystore available
      Registration available
      Remove registration
      Get sensor
      Errors
    Device Fingerprinting
      Get telemetry ID
    More Resources
      SWR & caching
      Deep linking
      Android KeyStore considerations
Get support on SlackVisit our developer forum

Contact us

Consumer Authentication

/

Mobile SDKs

/

React Native SDK reference

/

RBAC

/

Is Authorized

isAuthorized

The SDK provides two methods for getting an authorization verdict on a Resource-action pair (that is, whether the logged-in User is authorized to perform the specified action on the specified Resource).

The isAuthorizedSync method will use locally-cached instances of the User and the configured RBAC policy. If the RBAC policy has not been loaded, this method will always return false. The SWR caching strategy is detailed here.

The isAuthorized method determines whether the logged-in user is allowed to perform the specified action on the specified resource. It will return a Promise that resolves after the RBAC policy has been loaded. Returns true if the user can perform the action, false otherwise.

If the user is not logged in, this method will always return false. If the resource or action provided are not valid for the configured RBAC policy, this method will return false.

As a best practice, authorization checks for sensitive actions should also occur on the backend.

import { useStytch } from '@stytch/react-native';
import React from 'react';
import { Text, TouchableOpacity, View } from 'react-native';

export const EditDocuments = () => {
  const stytch = useStytch();
  const isAuthorized = stytch.rbac.isAuthorizedSync('documents', 'edit');

  const editDocument = () => {
    //...
  };

  return (
    <View>
      <TouchableOpacity disabled={!isAuthorized} onPress={editDocument}>
        <Text>Edit</Text>
      </TouchableOpacity>
    </View>
  );
};
RESPONSE
200
​
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141"
    "is_authorized": true,
}