I’ve been relying on this https://auth0.com/docs/architecture-scenarios/spa-api/spa-implementation-angular2#4-display-ui-elements-conditionally-based-on-scope to help me and I believe it is out of date.
They are using `auth0 = new auth0.WebAuth`, and the latest SPA SDK uses `public auth0Client$ = (from( createAuth0Client({`.
From `auth0Client$` I can’t seem to find any way to get access to the scopes associated with this user. Is there documentation that I am missing?
UPDATE: Okay, figured the server side out. The token does have to be included, like I show below.
On the server side, I’m trying to block the route based on the scope but just get a 403 for everything. Do I need to manually attach a token to the request? I can’t seem to find any documentation that says that is the case.
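```javascript
// Client side (Angular): obtain the access token before calling the API
this.auth.getTokenSilently$.subscribe(token => {
  // ...
});
```

```javascript
// Server side (Express). express-jwt v6 and earlier export the middleware factory directly.
const jwt = require('express-jwt');
const jwksRsa = require('jwks-rsa');
const jwtAuthz = require('express-jwt-authz');

// Verify the access token's signature against the tenant's JWKS.
// authConfig, app and get are defined elsewhere in the application.
const checkJwt = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
  }),
  audience: authConfig.audience,
  issuer: `https://${authConfig.domain}/`,
  algorithms: ["RS256"] // option name is plural; pins the accepted signing algorithm
});

// Respond with 403 unless the verified token carries the read:leads scope
const checkScopes = jwtAuthz(['read:leads']);
app.get('/leads', checkJwt, checkScopes, get);
```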
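Added example, not part of the original post and not Auth0's code: one way to read the `scope` claim from the access token for conditional UI, and to build the header the API route above expects. The helper names and the sample token are constructed for illustration; it runs under Node (in the browser, swap `Buffer` for `atob`), and it assumes the access token is a JWT with a space-delimited `scope` claim.

```javascript
// Decoding is NOT verification: use the result only to show or hide UI.
// The API must still validate the signature (checkJwt) and enforce scopes.

// Decode the payload (second segment) of a JWT without verifying it.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT (expected 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/'); // base64url -> base64
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// OAuth 2.0 scopes travel as one space-delimited string in the `scope` claim.
function scopesFromAccessToken(token) {
  const { scope } = decodeJwtPayload(token);
  return typeof scope === 'string' ? scope.split(' ').filter(Boolean) : [];
}

// Any one match suffices unless checkAll is true (then every scope is required).
function hasScopes(granted, required, checkAll = false) {
  const have = new Set(granted);
  return checkAll
    ? required.every(s => have.has(s))
    : required.some(s => have.has(s));
}

// The API only sees the token if it is sent as a Bearer credential.
function bearerHeader(token) {
  return { Authorization: `Bearer ${token}` };
}

// Constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sampleToken = makeSampleToken({ sub: 'auth0|example', scope: 'openid read:leads' });
const granted = scopesFromAccessToken(sampleToken);
console.log(granted, hasScopes(granted, ['read:leads']), bearerHeader(sampleToken));
```

A request sent without this header never reaches the scope check with a usable token, so the route rejects it regardless of what the user was granted.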