Angular + Express Scopes

I’ve been relying on this SPA Angular 2 Implementation (SPAs + API) to help me and I believe it is out of date.

They are using auth0 = new auth0.webAuth and the latest SPA SDK uses public auth0Client$ = (from( createAuth0Client({.

From auth0Client$ I can’t seem to find any way to get access to the scopes associated with this user. Is there documentation that I am missing?

UPDATE: Okay, figured the server side out. The token does have to be included like I show below.
On the server side, I’m trying to block the route based on the scope but just get a 403 for everything. Do I need to manually attach a token to the request? I can’t seem to find any documentation that says that is the case.

this.auth.getTokenSilently$.subscribe(token => {
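	// Server side (Express): packages that checkJwt and checkScopes come from
	const jwt = require('express-jwt');
	const jwksRsa = require('jwks-rsa');
	const jwtAuthz = require('express-jwt-authz');

	// Verify the access token's signature against the tenant's JWKS
	const checkJwt = jwt({
		secret: jwksRsa.expressJwtSecret({
			cache: true,
			rateLimit: true,
			jwksRequestsPerMinute: 5,
			jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
		}),

		audience: authConfig.audience,
		issuer: `https://${authConfig.domain}/`,
		// express-jwt's option is `algorithms` (plural); pin it to RS256
		algorithms: ["RS256"]
	});

	// Require the read:leads scope in the verified token
	const checkScopes = jwtAuthz(['read:leads']);

	app.get('/leads', checkJwt, checkScopes, get);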
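
An added example, not part of the original post and not the code of express-jwt-authz: a dependency-free sketch of a route guard that requires every listed scope, to show how a missing token (401) differs from a token without the scope (403). The names grantedScopes, requireScopes and run are hypothetical, and it assumes an earlier middleware such as checkJwt has verified the token and stored its claims on req.user.

```javascript
// Hypothetical helper: collect what a verified token grants.
function grantedScopes(claims) {
  const granted = new Set();
  // OAuth 2.0 access tokens carry `scope` as one space-delimited string.
  if (typeof claims.scope === 'string') {
    claims.scope.split(' ').filter(Boolean).forEach(s => granted.add(s));
  }
  // Assumption: the API may also be configured to emit a `permissions` array.
  if (Array.isArray(claims.permissions)) {
    claims.permissions
      .filter(p => typeof p === 'string')
      .forEach(p => granted.add(p));
  }
  return granted;
}

// Hypothetical Express-style middleware factory.
function requireScopes(required) {
  return function (req, res, next) {
    // No verified claims: the request carried no valid bearer token.
    if (!req.user || typeof req.user !== 'object') {
      return res.status(401).json({ error: 'missing or invalid token' });
    }
    // Exact-match comparison, so "read:leads-extra" never satisfies "read:leads".
    const granted = grantedScopes(req.user);
    const missing = required.filter(s => !granted.has(s));
    if (missing.length > 0) {
      return res.status(403).json({ error: 'insufficient_scope', missing });
    }
    return next();
  };
}

// Constructed harness standing in for Express's req/res/next.
function run(middleware, user) {
  const result = { status: 200, body: null, nextCalled: false };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; }
  };
  middleware({ user }, res, () => { result.nextCalled = true; });
  return result;
}
```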

Hi @aarmora,

Just want to confirm with you, did you figure this out or still have a question?

Let me know,
Dan

Hey @dan.woda, I am still unable to see how to get scopes from auth0-spa-js. I’ve been discussing with @luis.rudge on a GitHub issue and it seems that it should be possible, if I’m understanding correctly.

@aarmora,

Just to echo some of what Luis is saying, adding them to the id token via a rule would be my recommendation if that fits your scenario.

In fact, here is a FAQ with that solution.

http://community.auth0.com/t/how-do-i-add-user-permissions-to-id-token/28611

Let me know if that helps,
Dan

Very helpful. Thanks! I was looking for a way to do that.

Glad we found something! Let me know if you have any trouble.

Thanks,
Dan