Hello community,
I’m using universal authentication following the guides:
https://auth0.com/docs/quickstart/spa/angular2/01-login
https://auth0.com/docs/quickstart/spa/angular2/03-calling-an-api
https://auth0.com/docs/quickstart/spa/angular2/04-authorization
My purpose is to create an application interacting with a WebApi with protected resources.
The login works fine using the (01) steps. However, the token after authentication doesn’t include the scopes in the payload, therefore I’m not able to authorize to my WebApi as it does not find the scopes when parsing the token provided by Auth0.
Here I highlight the angular configuration for the application that calls auth0 on login:
auth0 = new auth0.WebAuth({
clientID: AUTH_CONFIG.clientID,
domain: AUTH_CONFIG.domain,
responseType: 'token id_token',
redirectUri: AUTH_CONFIG.callbackURL,
audience: 'https://test-app/api',
scope: 'openid profile read:products'
});
I followed the steps of creating WebApi in auth0 with api identifier as _https://test-app/api_ and added the read:products scope to it.
Is there anything I could be missing here to get the scopes?
Best regards,
Luciano