Express API - 403 (Forbidden) when trying to use permissions

  1. Simple authentication works
  2. When I add a JwtAuthz array is returns 403
  3. While debugging, I can see the required permission in the JWT payload.

I am at a loss on how to debug further or fix.

var checkJwtAuthz = jwtAuthz([ ‘read:events’ ])
var checkJwt = jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: https://dev-8n-n3ytu.auth0.com/.well-known/jwks.json
}),
audience: ‘https://api.companya.net’,
issuer: https://dev-8n-n3ytu.auth0.com/,
algorithms: [‘RS256’]
})

router.get(’/’, checkJwt, jwtAuthz([ ‘read:events’ ]), (req, res, next) => {
Event.findAll()
.then(events => {
res.status(200).json(events)
})
.catch(err => res.status(500).send(err.message))
})