Angular + Express Scopes

I’ve been relying on this to help me and I believe it is out of date.

They are using a auth0 = new auth0.webAuth and the latest spa sdk uses public auth0Client$ = (from( createAuth0Client({.

From auth0Client$ I can’t seem to get anyway to get access to the scopes associated with this user. Is there documentation that I am missing?

UPDATE: Okay, figured the server side out. The token does have to be included like I show below
On the server side, I’m trying to block the route based on the scope but just get a 403 for everything. Do I need to manually attach a token to the request? I can’t seem to find any documentation that says that is the case.

this.auth.getTokenSilently$.subscribe(token => {
	const checkJwt = jwt({
		secret: jwksRsa.expressJwtSecret({
			cache: true,
			rateLimit: true,
			jwksRequestsPerMinute: 5,
			jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`

		audience: authConfig.audience,
		issuer: `https://${authConfig.domain}/`,
		algorithm: ["RS256"]

	const checkScopes = jwtAuthz(['read:leads']);

	app.get('/leads', checkJwt, checkScopes, get);

Hi @aarmora,

Just want to confirm with you, did you figure this out or still have a question?

Let me know,

Hey @dan.woda, I am still unable to see how to get scopes from auth0-spa-js. I’ve been discussing with @luis.rudge on a github issue and it seems that it should be possible, if I’m understanding correctly.


Just to echo some of what Luis is saying, adding them to the id token via a rule would be my recommendation if that fits your scenario.

In fact, here is a FAQ with that solution.

Let me know if that helps,

Very helpful. Thanks! I was looking for a way to do that.

1 Like

Glad we found something! Let me know if you have any trouble.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.