Node (Express) API: Authorization using custom scopes/permissions

devzilla · June 18, 2018, 6:44pm

Hello,

I am following this tutorial (Auth0 Node (Express) API SDK Quickstarts: Authorization) to enable authentication in my express app. I notice there is a checkScopes middleware which can be utilized to see if the incoming access token contains a particular scope.

Now, I have actually enabled the authorization extension and through that I am setting custom permissions using the following snippet of code:

context.accessToken[namespace + ‘permissions’] = user.permissions;

I wanted to know, how can we override the checkScopes method to look at the namespace in order to get the list of scopes (rather than the default scopes property which is part of the spec).

Thanks!

Max

devzilla · June 19, 2018, 5:23pm

Fixed it by editing the middleware to look at the namespace property rather than the default scope.

However, is there a way to add the custom scopes to the “scope” field of the token rather than having to make new namespaces all the time?

Please note, I am using the authorization extension.

konrad.sopala · August 16, 2019, 1:39pm

Hey there!

Terribly sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes our bandwidth is just not enough for all the questions that are coming in. Sorry for the inconvenience!

Do you still require further assistance from us?