They are using a auth0 = new auth0.webAuth and the latest spa sdk uses public auth0Client$ = (from( createAuth0Client({.
From auth0Client$ I can’t seem to get anyway to get access to the scopes associated with this user. Is there documentation that I am missing?
UPDATE: Okay, figured the server side out. The token does have to be included like I show below
On the server side, I’m trying to block the route based on the scope but just get a 403 for everything. Do I need to manually attach a token to the request? I can’t seem to find any documentation that says that is the case.
Hey @dan.woda, I am still unable to see how to get scopes from auth0-spa-js. I’ve been discussing with @luis.rudge on a github issue and it seems that it should be possible, if I’m understanding correctly.