
Angular + Express Scopes

I’ve been relying on this https://auth0.com/docs/architecture-scenarios/spa-api/spa-implementation-angular2#4-display-ui-elements-conditionally-based-on-scope to help me and I believe it is out of date.

They are using `auth0 = new auth0.webAuth` and the latest SPA SDK uses `public auth0Client$ = (from( createAuth0Client({`.

From `auth0Client$` I can’t seem to find any way to get access to the scopes associated with this user. Is there documentation that I am missing?

UPDATE: Okay, figured the server side out. The token does have to be included like I show below.
On the server side, I’m trying to block the route based on the scope but just get a 403 for everything. Do I need to manually attach a token to the request? I can’t seem to find any documentation that says that is the case.

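```js
// Client (Angular): get the access token so it can be included with the request.
this.auth.getTokenSilently$.subscribe(token => {
	// ...
});
```

```js
// Server (Express)
const jwt = require('express-jwt'); // express-jwt 6.x and earlier export the middleware directly
const jwksRsa = require('jwks-rsa');
const jwtAuthz = require('express-jwt-authz');

// Verify the token's signature against the tenant's JWKS, and check audience and issuer.
const checkJwt = jwt({
	secret: jwksRsa.expressJwtSecret({
		cache: true,
		rateLimit: true,
		jwksRequestsPerMinute: 5,
		jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
	}),

	audience: authConfig.audience,
	issuer: `https://${authConfig.domain}/`,
	// The option name is `algorithms` (plural); it pins the accepted signing algorithm to RS256.
	algorithms: ["RS256"]
});

// Respond with 403 unless the token's scopes include read:leads.
const checkScopes = jwtAuthz(['read:leads']);

app.get('/leads', checkJwt, checkScopes, get);
```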
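
Added example, not part of the original post or of Auth0's libraries: a dependency-free scope check in the shape of an Express middleware, showing when a request passes, gets a 401, or gets a 403. It assumes an earlier JWT-validation step has put the verified claims on `req.user` with a space-delimited `scope` claim; `requireScopes`, `fakeRes` and `check` are hypothetical names, and the claims are constructed samples.

```javascript
// Added example: scope check in the shape of an Express middleware.
// Assumption: an earlier middleware verified the JWT and stored its claims on req.user.
function requireScopes(required, { checkAll = false } = {}) {
  return function (req, res, next) {
    const claims = req.user;
    // No verified token at all: an authentication failure, not an authorization one.
    if (!claims) {
      return res.status(401).json({ error: 'invalid_token' });
    }
    // OAuth 2.0 access tokens carry scopes as one space-delimited string.
    const granted = typeof claims.scope === 'string'
      ? claims.scope.split(' ').filter(Boolean)
      : [];
    const has = (s) => granted.includes(s);
    const ok = checkAll ? required.every(has) : required.some(has);
    if (!ok) {
      // RFC 6750: tell the client which scope was missing.
      res.set('WWW-Authenticate',
        `Bearer error="insufficient_scope", scope="${required.join(' ')}"`);
      return res.status(403).json({ error: 'insufficient_scope' });
    }
    return next();
  };
}

// Minimal stand-in for Express's res object so the check runs offline.
function fakeRes() {
  return {
    statusCode: 200, headers: {}, body: null,
    set(k, v) { this.headers[k] = v; return this; },
    status(c) { this.statusCode = c; return this; },
    json(b) { this.body = b; return this; },
  };
}

// Runs the middleware against constructed claims and reports the outcome.
function check(claims, required, opts) {
  const res = fakeRes();
  let passed = false;
  requireScopes(required, opts)({ user: claims }, res, () => { passed = true; });
  return passed ? 'next' : res.statusCode;
}

// Constructed sample claims (not real tokens).
console.log(check({ scope: 'openid profile read:leads' }, ['read:leads'])); // next
console.log(check({ scope: 'openid profile' }, ['read:leads']));            // 403
console.log(check(undefined, ['read:leads']));                              // 401
```

A token that validates but was issued without the required scope produces the 403 branch, so decoding the access token and reading its `scope` claim is the first thing to check when every request is rejected.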

Hi @aarmora,

Just want to confirm with you, did you figure this out or still have a question?

Let me know,
Dan

Hey @dan.woda, I am still unable to see how to get scopes from auth0-spa-js. I’ve been discussing with @luis.rudge on a GitHub issue and it seems that it should be possible, if I’m understanding correctly.

@aarmora,

Just to echo some of what Luis is saying, adding them to the id token via a rule would be my recommendation if that fits your scenario.

In fact, here is a FAQ with that solution.

Let me know if that helps,
Dan

Very helpful. Thanks! I was looking for a way to do that.


Glad we found something! Let me know if you have any trouble.

Thanks,
Dan
