Access Token with the read:messages scope isn't reflecting in express-jwt-authz

Following this section on securing an API endpoint using Express, the actual scope is being returned and causing an “Insufficient scope” error. It’s not pulling from the ‘permissions’ key as expected.

"scope": "openid profile email",
"permissions": ["read:id"]

With this happening, would my best bet be to send a request to get this changed in the library or am I doing something wrong here?

When I change the “scopeKey” variable in the library source code, it grabs the permissions key. I don’t see any changes that would have caused this issue in the first place.

Oops, never mind. There’s a custom scope key option.


Glad you have figured it out!

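The behaviour discussed in this thread, as an added example that is not part of the original posts and is not express-jwt-authz's own source: a stand-alone sketch of a scope check whose claim key is configurable, run against the payload quoted in the question. The names `requireScopes`, `scopeKey`, `checkAll`, `claimToList` and `simulate` are hypothetical, and the required value `read:id` is taken from the quoted `permissions` array.

```javascript
// Added example: stand-alone sketch, NOT express-jwt-authz's source.
// All function and option names here are hypothetical.

// Constructed sample: decoded access token payload, values from the post above.
const samplePayload = {
  scope: 'openid profile email',
  permissions: ['read:id'],
};

// Normalize a claim to a list: OAuth "scope" is a space-delimited string,
// while a "permissions" claim is an array of strings.
function claimToList(value) {
  if (typeof value === 'string') return value.split(' ').filter(Boolean);
  if (Array.isArray(value)) return value.filter((v) => typeof v === 'string');
  return []; // missing or malformed claim grants nothing (fail closed)
}

// Express-style middleware factory. options.scopeKey selects the claim to
// read; options.checkAll requires every expected value instead of any one.
function requireScopes(expected, options = {}) {
  const { scopeKey = 'scope', userKey = 'user', checkAll = false } = options;
  return function (req, res, next) {
    const granted = claimToList((req[userKey] || {})[scopeKey]);
    const has = (s) => granted.includes(s);
    const ok = checkAll ? expected.every(has) : expected.some(has);
    if (ok) return next();
    res.status(403).json({ error: 'Forbidden', message: 'Insufficient scope' });
  };
}

// Run a middleware against a payload without a server; returns the outcome.
function simulate(middleware, payload) {
  const result = { allowed: false, status: null, body: null };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  middleware({ user: payload }, res, () => { result.allowed = true; });
  return result;
}

// Default key reads "scope" and rejects; the custom key reads "permissions".
const byScope = simulate(requireScopes(['read:id']), samplePayload);
const byPermissions = simulate(
  requireScopes(['read:id'], { scopeKey: 'permissions' }), samplePayload);
console.log(byScope.status, byScope.body.message); // 403 Insufficient scope
console.log(byPermissions.allowed);                // true
```

In express-jwt-authz itself the corresponding option is `customScopeKey`, passed as the second argument: `jwtAuthz(['read:id'], { customScopeKey: 'permissions' })`.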