Angular + Express Scopes

aarmora · August 27, 2019, 3:32am

I’ve been relying on this https://auth0.com/docs/architecture-scenarios/spa-api/spa-implementation-angular2#4-display-ui-elements-conditionally-based-on-scope to help me and I believe it is out of date.

They are using a auth0 = new auth0.webAuth and the latest spa sdk uses public auth0Client$ = (from( createAuth0Client({.

From auth0Client$ I can’t seem to get anyway to get access to the scopes associated with this user. Is there documentation that I am missing?

UPDATE: Okay, figured the server side out. The token does have to be included like I show below
On the server side, I’m trying to block the route based on the scope but just get a 403 for everything. Do I need to manually attach a token to the request? I can’t seem to find any documentation that says that is the case.

this.auth.getTokenSilently$.subscribe(token => {

	const checkJwt = jwt({
		secret: jwksRsa.expressJwtSecret({
			cache: true,
			rateLimit: true,
			jwksRequestsPerMinute: 5,
			jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`
		}),

		audience: authConfig.audience,
		issuer: `https://${authConfig.domain}/`,
		algorithm: ["RS256"]
	});

	const checkScopes = jwtAuthz(['read:leads']);

	app.get('/leads', checkJwt, checkScopes, get);

dan.woda · August 27, 2019, 10:11pm

Hi @aarmora,

Just want to confirm with you, did you figure this out or still have a question?

Let me know,
Dan

aarmora · August 27, 2019, 10:21pm

Hey @dan.woda, I am still unable to see how to get scopes from auth0-spa-js. I’ve been discussing with @luis.rudge on a github issue and it seems that it should be possible, if I’m understanding correctly.

dan.woda · August 28, 2019, 4:40pm

@aarmora,

Just to echo some of what Luis is saying, adding them to the id token via a rule would be my recommendation if that fits your scenario.

In fact, here is a FAQ with that solution.

http://community.auth0.com/t/how-do-i-add-user-permissions-to-id-token/28611

Let me know if that helps,
Dan

aarmora · August 28, 2019, 4:54pm

Very helpful. Thanks! I was looking for a way to do that.

dan.woda · August 28, 2019, 5:07pm

Glad we found something! Let me know if you have any trouble.

Thanks,
Dan

dan.woda · September 12, 2019, 5:07pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.