Authifi RBAC Demo
This sample demonstrates two layers of role-based access control in Authifi:
- App Roles — client-application roles that confer app:* scopes on the access token, used to gate UI and web-app routes.
- API Roles — resource-server (access) roles that confer tasks:* scopes on the access token, enforced by the bundled API.
Authifi delivers both kinds of grants through the single scope claim on
the access token, so every authorization gate checks the same flat list. After login,
the dashboard pulls your roles and group memberships live from Authifi's user
self-service API to show you which of those scopes came from an App Role vs an API Role.
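
A gate over the flat scope claim described above, as an added example that is not code from this sample or from Authifi. It assumes the access token has already been signature- and audience-verified and that `claims` is its decoded payload; the function names and the scope values `app:dashboard`, `tasks:read` and `tasks:write` are constructed for illustration.

```javascript
// Added example, not the sample's own code.
// Assumption: `claims` is the payload of an access token that has already
// passed signature, issuer, audience and expiry checks.

// Normalize the scope claim to a Set of strings. A space-delimited string is
// the usual encoding; an array is accepted too. Anything else yields no scopes.
function parseScopes(claims) {
  const raw = claims && claims.scope;
  let list = [];
  if (typeof raw === "string") list = raw.split(/\s+/);
  else if (Array.isArray(raw)) list = raw;
  return new Set(list.filter((s) => typeof s === "string" && s.length > 0));
}

// Exact-match gate: every required scope must be present in the flat list.
// Exact matching matters: a prefix or substring test would let
// "tasks:readwrite" satisfy a route that requires "tasks:read".
function hasScopes(claims, required) {
  // A gate configured with no required scopes is treated as a
  // misconfiguration and denies, rather than allowing everyone through.
  if (!Array.isArray(required) || required.length === 0) return false;
  const granted = parseScopes(claims);
  return required.every((s) => granted.has(s));
}

// Split the flat list by prefix, mirroring the page's two layers:
// app:* scopes come from App Roles, tasks:* scopes from API Roles.
function groupByFamily(claims) {
  const out = { app: [], tasks: [], other: [] };
  for (const s of parseScopes(claims)) {
    if (s.startsWith("app:")) out.app.push(s);
    else if (s.startsWith("tasks:")) out.tasks.push(s);
    else out.other.push(s);
  }
  return out;
}

// Constructed sample payload (not a real token).
const sampleClaims = {
  sub: "user-123",
  scope: "openid app:dashboard tasks:read tasks:write",
};

console.log(hasScopes(sampleClaims, ["app:dashboard"]));  // UI route gate
console.log(hasScopes(sampleClaims, ["tasks:delete"]));   // API route gate
console.log(groupByFamily(sampleClaims));
```

Because both layers share one claim, the same `hasScopes` call serves the web-app routes and the API; only the required scope names differ.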