fastAPI package to check JWT permissions in offline scope

I want to authorise a user based on the permissions in their JWT token, but while using the offline flow the scope is set to offline_access, whereas if I use the client credentials flow, all my permissions are present in the scope string too. Now I am using this package fastapi-auth0 (GitHub - dorinclisu/fastapi-auth0: FastAPI authentication and authorization using auth0.com) to check for the valid permissions, but it only works for the JWT tokens generated using the client credentials flow, as it has all my permissions, whereas the offline_access JWT token only has a single scope. What am I doing wrong here? Is there any other package that I can use for offline_access JWT tokens?

PAYLOAD OF CLIENT CREDENTIALS TOKEN:

```json
"scope": "get:mapsors get:deployments get:automations get:ws_cloudport post:mapsors post:deployments post:automations post:ws_cloudport",
"gty": "client-credentials",
"permissions": [
  "get:mapsors",
  "get:deployments",
  "get:automations",
  "get:ws_cloudport",
  "post:mapsors",
  "post:deployments",
  "post:automations",
  "post:ws_cloudport"
]
```

PAYLOAD OF OFFLINE ACCESS TOKEN:

```json
"scope": "offline_access",
"permissions": [
  "get:mapsors",
  "get:deployments",
  "get:automations",
  "get:ws_cloudport",
  "post:mapsors",
  "post:deployments",
  "post:automations",
  "post:ws_cloudport"
]
```

Hi @chaitanya.tyagi,

Welcome to the Auth0 Community!

Why are you requesting the offline_access scope with a client credential grant? IIRC, client credentials grants should not return a refresh token.


I was not. I accidentally pasted the gty key too. Anyway I have found a way to change the code to check for the permissions claim rather than the scopes claim.
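The approach the original poster settled on, checking the `permissions` claim instead of `scope`, as an added example (not code from fastapi-auth0 or from the poster). It assumes the JWT has already been signature-verified (issuer, audience, expiry) by your JWT library and only inspects the decoded claims; the two sample payloads are constructed to mirror the tokens in the question.

```python
"""Authorise on an Auth0 access token's `permissions` claim, not its `scope`."""
from __future__ import annotations


def granted_permissions(claims: dict) -> set[str]:
    """Return the permissions a (signature-verified) token carries.

    With Auth0 RBAC enabled, the `permissions` array is authoritative, so it
    is used whenever present. Only tokens that lack it fall back to the
    space-separated `scope` string; a refresh-token (offline_access) flow
    may put just "offline_access" there, which is why scope-only checks fail.
    """
    perms = claims.get("permissions")
    if isinstance(perms, list):
        return {p for p in perms if isinstance(p, str)}
    scope = claims.get("scope", "")
    return set(scope.split()) if isinstance(scope, str) else set()


def missing_permissions(claims: dict, required: set[str]) -> set[str]:
    """Permissions in `required` that the token does not grant."""
    return set(required) - granted_permissions(claims)


def has_permissions(claims: dict, required: set[str]) -> bool:
    """True only if every required permission is present in the token."""
    return not missing_permissions(claims, required)


def require(*required: str):
    """Build a checker suitable for use as a route guard (hypothetical helper).

    The returned callable raises PermissionError listing what is missing, so a
    FastAPI dependency can translate it into a 403 response.
    """
    needed = set(required)

    def check(claims: dict) -> dict:
        missing = missing_permissions(claims, needed)
        if missing:
            raise PermissionError(f"missing permissions: {sorted(missing)}")
        return claims
    return check


# Constructed sample payloads mirroring the question's two tokens
_PERMS = ["get:mapsors", "get:deployments", "get:automations", "get:ws_cloudport",
          "post:mapsors", "post:deployments", "post:automations", "post:ws_cloudport"]
CLIENT_CREDENTIALS_CLAIMS = {"scope": " ".join(_PERMS), "gty": "client-credentials",
                             "permissions": list(_PERMS)}
OFFLINE_ACCESS_CLAIMS = {"scope": "offline_access", "permissions": list(_PERMS)}
```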


Great, thanks for the update. I’ll make this one resolved.
