Following this section on securing an API endpoint using express, the actual scope is being returned and causing an “Insufficient scope” scope error. It’s not pulling from the ‘permissions’ key as expected.
“scope”: “openid profile email”,
“permissions”: [“read:id”]
With this happening, would my best bet be to send a request to get this changed in the library or am I doing something wrong here?