Auth0 RBAC: nodejs using express-jwt-authz

Hey there @vinood.persad!

Hmm, that’s interesting that you’re getting a 403 here. Are there any clues in the error logging as to why?

While I haven’t used express-jwt-authz myself, I was able to get this working using the updated express-oauth2-jwt-bearer library to achieve what you are after. My code looks like this:

const cors = require("cors");
const morgan = require("morgan");
const helmet = require("helmet");
const authConfig = require("./src/auth_config.json");

const express = require('express');
// claimIncludes is used below; requiredScopes and claimEquals are the
// alternatives for checking the scope claim or a single-valued claim.
const { auth, requiredScopes, claimEquals, claimIncludes } = require('express-oauth2-jwt-bearer');
require('dotenv').config(); // Load the .env variables

// Port/origin of the SPA that is allowed to call this API (used for CORS).
const appPort = process.env.SERVER_PORT || 3000;
const appOrigin = authConfig.appOrigin || `http://localhost:${appPort}`;

const app = express();
// auth() with no options reads ISSUER_BASE_URL and AUDIENCE from the environment
// (loaded from .env above) and validates the bearer token's signature, issuer and audience.
const checkJwt = auth();
app.use(morgan("dev"));
app.use(helmet());
app.use(cors({ origin: appOrigin }));

// Using claimIncludes to check that the permissions claim contains read:msg;
// a valid token that lacks it is rejected with a 403 by the library.
app.get('/api/external', checkJwt, claimIncludes('permissions', 'read:msg'), (req, res) => {
  res.json({ message: `Hello ${req.auth.payload.sub} - Permissions: ${req.auth.payload.permissions}` });
});

// The API itself listens on 3001, separate from the SPA origin above.
app.listen(3001, () => console.log('listening at http://localhost:3001'));

I’m using this alongside our React sample to test; you can find my fork here.

Depending on where you are in your project, it might be worth switching over to the improved experience. Some more on that here:

Hope this helps!
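As an added illustration of the 401-versus-403 behaviour discussed in this thread (example code, not the poster's and not the express-oauth2-jwt-bearer library's own implementation), here is a hand-rolled Express-style middleware that mirrors the claimIncludes('permissions', ...) check, together with a fake req/res harness so it can be exercised without a running server. The function names requirePermissions and runMiddleware are hypothetical.

```javascript
// Build a middleware that requires every listed permission to be present in the
// token's `permissions` claim. Auth0 emits the claim as an array when RBAC and
// "Add Permissions in the Access Token" are enabled on the API; a space-delimited
// string (scope-style) is also accepted here.
function requirePermissions(...required) {
  return function (req, res, next) {
    // No verified token on the request: checkJwt (auth()) must run before this.
    if (!req.auth || !req.auth.payload) {
      res.set('WWW-Authenticate', 'Bearer realm="api"');
      return res.status(401).json({ error: 'unauthorized' });
    }
    let actual = req.auth.payload.permissions;
    if (typeof actual === 'string') actual = actual.split(' ');
    const granted = Array.isArray(actual) ? actual : [];
    const missing = required.filter((p) => !granted.includes(p));
    if (missing.length > 0) {
      // A valid token that lacks the permission is a 403, not a 401.
      res.set('WWW-Authenticate',
        `Bearer error="insufficient_scope", error_description="Missing ${missing.join(' ')}"`);
      return res.status(403).json({ error: 'insufficient_permissions', missing });
    }
    return next();
  };
}

// Minimal stand-in for Express req/res so the middleware can be run offline.
// `payload` is a constructed, already-decoded token payload (undefined = no token).
function runMiddleware(payload, required) {
  const req = payload === undefined ? {} : { auth: { payload } };
  const out = { status: 200, headers: {}, body: null, nextCalled: false };
  const res = {
    set(k, v) { out.headers[k] = v; return this; },
    status(code) { out.status = code; return this; },
    json(body) { out.body = body; return this; },
  };
  requirePermissions(...required)(req, res, () => { out.nextCalled = true; });
  return out;
}

// Constructed sample: a token carrying read:msg but asked for delete:msg -> 403.
console.log(runMiddleware({ sub: 'auth0|example', permissions: ['read:msg'] }, ['delete:msg']));
```

If the real route returns 403, compare the `permissions` claim in the decoded access token against what the middleware expects; an empty or absent claim usually means the API's RBAC settings or the requested audience do not match.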