Access Token with the read:messages scope isn't reflecting in express-jwt-authz

kdesimini · May 28, 2020, 11:02pm

Following this section on securing an API endpoint using express, the actual scope is being returned and causing an “Insufficient scope” scope error. It’s not pulling from the ‘permissions’ key as expected.

“scope”: “openid profile email”,
“permissions”: [“read:id”]

With this happening, would my best bet be to send a request to get this changed in the library or am I doing something wrong here?

kdesimini · May 28, 2020, 11:04pm

When I change the “scopeKey” variable in the library source code, it grabs the permissions key. I don’t see any changes that would have caused this issue in the first place.

kdesimini · May 28, 2020, 11:13pm

Oops nevermind. There’s a custom scope key option.

konrad.sopala · May 29, 2020, 8:54am

Glad you have figured it out!

Topic		Replies	Views
Problem Insufficient scope with node Js and lib express-authz Help scopes , permissions	3	3009	June 12, 2023
Insufficient scope but JWT has correct scopes on Node Help	3	4069	June 21, 2019
Scope in JWT not verified by jwtAuthz Help user-profile , user-management	2	1230	March 31, 2023
Confused: Permissions are not part of Scopes in JWT token Help jwt	3	4138	March 5, 2021
Insufficient Scope but my token contains required permissions JWT.io jwt , scope	11	13001	November 30, 2022

Access Token with the read:messages scope isn't reflecting in express-jwt-authz

Related Topics