I have an express server with the following for authorization…
import bearer from "express-oauth2-jwt-bearer";
// Authorization middleware. When used, the Access Token must
// exist and be verified against the Auth0 JSON Web Key Set.
const checkJwt = bearer.auth({
audience: "https://....dev/node",
issuerBaseURL: "https://....dev",
});
const checkScopes = bearer.requiredScopes("access:node");
export {checkJwt, checkScopes};
I am converting it over to an API Gateway like this…
swagger: '2.0'
info:
title: hw-api Gateway
description: Sample API Gateway
version: 1.0.0
schemes:
- https
produces:
- application/json
paths:
/hello:
get:
summary: Greet a user
operationId: hello
x-google-backend:
address: https://us-central1-....cloudfunctions.net/helloGET
responses:
'200':
description: A successful response
schema:
type: string
I see documentation on how to handle Authentication with the gateway but nothing about how to ensure the scopes are correct. How would I confirm the access token has the proper scopes when someone calls the API?