I am following the quickstart guide here:
const express = require('express');
const app = express();
const jwt = require('express-jwt');
const jwtAuthz = require('express-jwt-authz');
const jwksRsa = require('jwks-rsa');
// Port the HTTP server listens on: PORT from the environment, otherwise 9090.
const port = process.env.PORT || 9090;

// Looks up the signing key for each incoming token in the tenant's JWKS
// document. Fetched keys are cached and JWKS requests are limited to 5 per
// minute, so a flood of tokens with unknown key ids cannot hammer the endpoint.
const signingKeyProvider = jwksRsa.expressJwtSecret({
  cache: true,
  rateLimit: true,
  jwksRequestsPerMinute: 5,
  jwksUri: `https://stcalica.auth0.com/.well-known/jwks.json`
});

// Validation settings for bearer tokens: the token must be issued by this
// tenant, be intended for this API (audience), and be signed with RS256.
// Pinning `algorithms` keeps tokens signed with any other algorithm out.
const jwtValidationSettings = {
  secret: signingKeyProvider,
  audience: 'https://favorites/api',
  issuer: 'https://stcalica.auth0.com/',
  algorithms: ['RS256']
};

// Express middleware that rejects requests without a valid access token.
const checkJwt = jwt(jwtValidationSettings);
// Unauthenticated route: no middleware runs before the handler.
app.get('/api/public', (req, res) => {
  const payload = {
    message: 'Hello from a public endpoint! You don\'t need to be authenticated to see this.'
  };
  res.json(payload);
});

// Authenticated route: checkJwt must accept the bearer token before the
// handler runs. No permission check is applied here.
app.get('/api/private', checkJwt, (req, res) => {
  const payload = {
    message: 'Hello from a private endpoint! You need to be authenticated to see this.'
  };
  res.json(payload);
});
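// Read the `permissions` claim of the access token instead of the default
// `scope` claim. With Auth0 RBAC, permissions granted through roles land in
// `permissions`; that claim is only issued when RBAC and "Add Permissions in
// the Access Token" are enabled for the API (verify in the API settings).
const options = {
  customScopeKey: 'permissions'
};

// Fix: `options` was declared but never passed to jwtAuthz, so the middleware
// kept checking `scope` and rejected tokens whose grants were in `permissions`.
// By default the check passes when the token carries ANY ONE of the listed
// values; add `checkAllScopes: true` to `options` if both must be present.
const checkScopes = jwtAuthz([ 'add:favorites', 'read:favorites' ], options);

// Order matters: checkJwt validates the token first, then checkScopes
// authorises the request against the decoded claims.
app.get('/api/private-scoped', checkJwt, checkScopes, (req, res) => {
  // NOTE(review): the text below still names read:messages from the quickstart;
  // the route is actually gated on the favorites permissions listed above.
  res.json({
    message: 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.'
  });
});

// Start accepting connections on the configured port.
app.listen(port);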
I added permissions, then created roles and then assigned those roles to my users.
I see multiple people ask these questions and either get workarounds or no solution. I think these are the biggest problems with the scopes example:
**1. I can’t get the Test tab to include scopes, or to act as a user, to see if scopes work.**
2. I can’t easily get an access token with scopes in Postman to test either
3. I can’t tell if my access token has a scope attached to it (possibly create some web tool to show scopes)
4. What’s really missing is any screenshots about setting up Scopes and Permissions in my API settings