Hi all, my first post here. I could not find anything relating to the issue that I am having and I’m hoping that someone can help me in order to save me some time. I am also new to using Auth0 and have started building an application that uses Auth0.
As the title suggests, I have a Node JS API which has a GET /users endpoint. This endpoint checks for a JWT and it also checks if the JWT is bearing the required scopes. For some reason when I call the GET endpoint, I get a response "Insufficient Scope".
My API endpoint code looks like this:

import express, { Request, Response, NextFunction } from 'express';
import jwt from 'express-jwt';
import jwksRsa from 'jwks-rsa';
import jwtAuthz from 'express-jwt-authz';

// Scope required to get all users
const getUsersScopes = jwtAuthz(['read:users']);

const authConfig = {
    audience: "https://api.myapp.com/",
    domain: "myapp.auth0.com"
};

// Validates the bearer token: signature via the tenant's JWKS, plus audience,
// issuer and algorithm checks. The decoded payload is attached to req.user.
const checkJwt = jwt({
    secret: jwksRsa.expressJwtSecret({
        cache: true,
        rateLimit: true,
        jwksRequestsPerMinute: 5,
        jwksUri: `https://${authConfig.domain}/.well-known/jwks.json`,
    }),
    audience: authConfig.audience,
    issuer: `https://${authConfig.domain}/`,
    algorithms: ['RS256']
});

// Route registration (this sits inside the class that owns `app` and `userController`)
app.route('/users')
    .get(checkJwt, getUsersScopes, (req: Request, res: Response, next: NextFunction) => {
        next();
    }, this.userController.getUsers);
Then I have an Angular app which sends my token to the API, and I can see that the token that is sent to the API contains a permissions property and it's an array of all the permissions that my user has. It looks like so:

{
    "iss": "https://myapp.auth0.com/",
    "sub": "...",
    "aud": [
        "https://api.myapp.com/",
        "https://myapp.auth0.com/userinfo"
    ],
    "iat": ...,
    "exp": ...,
    "azp": "...",
    "scope": "openid profile email",
    "permissions": [
        "read:user",
        "read:users",
        "remove:user",
        "update:user",
        "write:user"
    ]
}
My question is, why does my Node JS API respond with "Insufficient Scope" when my token contains the required scope read:users?
I can call the endpoint perfectly fine when I remove the getUsersScopes from the .get() endpoint like so:
app.route('/users')
    .get(checkJwt, (req: Request, res: Response, next: NextFunction) => {
        next();
    }, this.userController.getUsers);
Am I missing something obvious? Any advice would be greatly appreciated.
Thanks in advance,
Morné
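The behaviour in the post can be reproduced without Auth0 or the npm packages. The following is an added example, not code from the original post or from express-jwt-authz: a small re-implementation of the scope check that express-jwt-authz performs, run against the decoded token shown above. express-jwt-authz reads the OAuth `scope` claim by default, and `scope` in that token is only `openid profile email`; the `read:users` permission lives in the separate `permissions` array that Auth0 adds for RBAC. The library's `customScopeKey` option is what redirects the check to another claim. The `requireScopes`, `scopesFromClaim` and `runCheck` names, the `sub`/`iat`/`exp`/`azp` values and the fake req/res objects are all assumptions made up for the example.

```javascript
// Added example, not from the original post: re-implements the scope check
// that express-jwt-authz performs so the post's failure can be reproduced offline.
// Assumptions: the decoded token sits on req.user (express-jwt's classic
// default), and the claim names `scope` / `permissions` are as in the post.

// Constructed sample: the decoded access token from the post, with the
// redacted fields filled with made-up values.
const decodedToken = {
  iss: "https://myapp.auth0.com/",
  sub: "auth0|example-user",
  aud: ["https://api.myapp.com/", "https://myapp.auth0.com/userinfo"],
  iat: 1600000000,
  exp: 1600086400,
  azp: "example-client-id",
  scope: "openid profile email",
  permissions: ["read:user", "read:users", "remove:user", "update:user", "write:user"],
};

// Normalise a claim to an array of scope strings: the OAuth `scope` claim is a
// space-delimited string, Auth0's `permissions` claim is already an array.
function scopesFromClaim(value) {
  if (Array.isArray(value)) return value;
  if (typeof value === "string") return value.split(" ").filter(Boolean);
  return [];
}

// Express-style middleware factory. `customScopeKey` defaults to "scope", the
// same default express-jwt-authz documents; pass "permissions" to check the
// RBAC permissions Auth0 puts in the token instead. Without `checkAllScopes`
// any one matching scope is enough, again mirroring the library.
function requireScopes(expectedScopes, { customScopeKey = "scope", checkAllScopes = false } = {}) {
  return function (req, res, next) {
    const granted = scopesFromClaim(req.user && req.user[customScopeKey]);
    const ok = checkAllScopes
      ? expectedScopes.every((s) => granted.includes(s))
      : expectedScopes.some((s) => granted.includes(s));
    if (!ok) {
      res.status(403).send("Insufficient scope");
      return;
    }
    next();
  };
}

// Drive a middleware with a fake req/res (hypothetical test harness) and
// return what it did: a 403 response, or a 200 marker when next() was called.
function runCheck(middleware, token) {
  const req = { user: token };
  let result = null;
  const res = {
    status(code) { result = { status: code }; return this; },
    send(body) { result.body = body; },
  };
  middleware(req, res, () => { result = { status: 200, body: "next() called" }; });
  return result;
}

// The post's configuration: jwtAuthz(['read:users']) with no options reads `scope`.
function checkWithDefaultScopeKey() {
  return runCheck(requireScopes(["read:users"]), decodedToken);
}

// The same check pointed at the `permissions` claim.
function checkWithPermissionsKey() {
  return runCheck(requireScopes(["read:users"], { customScopeKey: "permissions" }), decodedToken);
}

console.log(checkWithDefaultScopeKey()); // { status: 403, body: 'Insufficient scope' }
console.log(checkWithPermissionsKey());  // { status: 200, body: 'next() called' }
```

The first call reproduces the "Insufficient scope" response from the post; the second passes, because `read:users` is found once the check reads the `permissions` array. One further caveat when wiring this up with the real packages: newer major versions of express-jwt attach the decoded payload to `req.auth` rather than `req.user`, and express-jwt-authz has a matching `customUserKey` option, so a mismatch there produces the same 403 even when the scope key is right.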