Laravel middleware route Authorize Auth0

corentin.couzigou · March 30, 2022, 7:52am

hello, I present to you the starting postulate:
I made a front application in angular with the auth0 SDK. It returns a token with the interceptors to my back application in laravel. I made this api with also the auth0 SDK.
I made a front application in angular with the auth0 SDK. It returns a token with the interceptors to my back application in laravel. I made this api with also the auth0 SDK.
I then perform on my private route a verification of my token:

Route::get(‘/private/scoped/userslist’, [MainController::class, ‘getAllUsers’])->middleware([‘auth0.authorize:read:users’]);

End of my token acces :
“scope”: “openid profile email”,
“permissions”: [
“read:users”
]
However, access is denied. I don’t really understand how authr0 middleware works and is it scalable? Thanks you for your help.

dan.woda · March 31, 2022, 3:21pm

Hi @corentin.couzigou,

Welcome to the Auth0 Community!

It looks like the middleware may be expecting the read:users string in the scope claim. You can configure this by turning off the * Add Permissions in the Access Token* toggle in the API settings.

Here is a link that shows how it would look in the dashboard. Add Permissions in the Access Token

Let me know if that resolves it!