Auth0 provides two ways to implement role-based access control (RBAC), which you can use in place of or in combination with your API’s own internal access control system:The Authorization Core feature set matches the functionality of the Authorization Extension, improves performance and scalability, and provides a more flexible RBAC system than the Authorization Extension.Currently, both implement the key features of RBAC and allow you to restrict the custom scopes defined for an API to those that have been assigned to the user as permissions.
Migrate to Authorization Extension v2
Learn how to upgrade Authorization Extension from v1 to v2 using the Dashboard.
One of the major changes between versions 1 and 2 of the Authorization Extension is the removal of the Applications section. This section was removed to simplify its inherent complexity, such as when it was used to define a policy for access control. The desired approach for such use cases is to use rules.