Hello,
I have a VueJS 3 SPA and an Express API. I did all the back configuration according to the official doc and the front from this repo (https://github.com/nybblex/vue3-auth0-app) since the doc doesn’t support VueJS 3.
Then, I tried to request the API. It works when no routes are scoped limited. But I get a 403 - Insufficient scope when I protect the rout with a permission. I am connected with a user with the sufficient permissions.
Back routes
const writeScope = jwtAuthz([ 'write:equipement' ]);
const readLimitedScope = jwtAuthz([ 'read_limited:equipement' ]);
const readFullScope = jwtAuthz([ 'read_limited:equipement', 'read:equipement' ]);
//CRUD API
router.use("/CRUD/:id", jwtChecker.check(), readLimitedScope, controllerEquipmentCRUD.checkIdValidity);
router.post("/CRUD/", jwtChecker.check(), writeScope, controllerEquipmentCRUD.create);
router.put("/CRUD/:id", jwtChecker.check(), writeScope, controllerEquipmentCRUD.modify);
router.delete("/CRUD/:id", jwtChecker.check(), writeScope, controllerEquipmentCRUD.delete);
router.get("/CRUD/:id", jwtChecker.check(), readLimitedScope, controllerEquipmentCRUD.getById);
Front request
import {getToken} from "../auth";
export async function getAll(){
const accessToken = await getToken();
const result = await fetch('http://localhost:3000/v1/equipment/CRUD/123', {
method: 'GET',
headers: {
Authorization: 'Bearer ' + accessToken
}
});
const data = await result.json();
return data;
}
Front auth/index.js
export const getToken = async function() {
const auth0Client = await getAuthClient();
return auth0Client.getTokenSilently();
}
Thanks in advance