Auth0 Home Blog Docs

Node (Express) API: Authorization using custom scopes/permissions


#1

Hello,

I am following this tutorial (https://auth0.com/docs/quickstart/backend/nodejs/01-authorization) to enable authentication in my express app. I notice there is a checkScopes middleware which can be utilized to see if the incoming access token contains a particular scope.

Now, I have actually enabled the authorization extension and through that I am setting custom permissions using the following snippet of code:

context.accessToken[namespace + ‘permissions’] = user.permissions;

I wanted to know, how can we override the checkScopes method to look at the namespace in order to get the list of scopes (rather than the default scopes property which is part of the spec).

Thanks!

Max


#2

Fixed it by editing the middleware to look at the namespace property rather than the default scope.

However, is there a way to add the custom scopes to the “scope” field of the token rather than having to make new namespaces all the time?

Please note, I am using the authorization extension.