SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hello everyone. I just started building an application with super tokens and Nestjs. Authentication documentation is awesome. But is there a way to implement authorization to check if user can only update his own data?

hey <@420544082486755328> - can you elaborate on the use case please?

Hi <@498057949541826571> I am creating a boilerplate for Nestjs as a starting point for any application I work on in future. For authentication I choose firebase initially but then decided to go with super tokens. For authorization I was going for cerbos or openfga. But since most of the applications I develop have very basic roles and checks I thought it would be better if I can find a good way of implementing authorization using just super tokens. 

1. Role based access which super tokens provide
2. Make sure that a comment created by user can only be updated or removed by the same user. 
Like if user.id === article.userId

I tried searching for blog posts if anyone shared something about it. But the only thing I found was a comparison between ABAC and RBAC.

We have rbac support: https://supertokens.com/docs/userroles/introduction