Access Token with the read:messages scope isn't reflecting in express-jwt-authz

kdesimini · May 28, 2020, 11:02pm

Following this section on securing an API endpoint using express, the actual scope is being returned and causing an “Insufficient scope” scope error. It’s not pulling from the ‘permissions’ key as expected.

“scope”: “openid profile email”,
“permissions”: [“read:id”]

With this happening, would my best bet be to send a request to get this changed in the library or am I doing something wrong here?

kdesimini · May 28, 2020, 11:04pm

When I change the “scopeKey” variable in the library source code, it grabs the permissions key. I don’t see any changes that would have caused this issue in the first place.

kdesimini · May 28, 2020, 11:13pm

Oops nevermind. There’s a custom scope key option.

konrad.sopala · May 29, 2020, 8:54am

Glad you have figured it out!

Topic		Replies	Views
Problem Insufficient scope with node Js and lib express-authz Help scopes , permissions	3	3001	June 12, 2023
Scope in JWT not verified by jwtAuthz Help user-profile , user-management	2	1230	March 31, 2023
Confused: Permissions are not part of Scopes in JWT token Help jwt	3	4134	March 5, 2021
Insufficient Scope but my token contains required permissions JWT.io jwt , scope	11	12934	November 30, 2022
Custom scopes inside access token Help jwt , scopes , access-token	3	4431	September 26, 2019

Access Token with the read:messages scope isn't reflecting in express-jwt-authz

Related Topics