The latest version of the express-jwt package stores the decoded jwt payload in “req.auth” not “req.user”. The express-jwt-authz looks for your scopes on the req.user object by default (which will be undefined). Try updating the “checkPermissions” function like this:
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Form Validation Bug in WHATABYTE Auth0 Code | 2 | 3761 | March 18, 2021 | |
| Use TypeScript to Create a Secure API with Node.js and Express | 27 | 9089 | March 2, 2022 | |
| Node.js API Authorization: Complete Guide with TypeScript | 0 | 2812 | October 12, 2022 | |
| Express.js TypeScript Authorization: Basic API Access Control | 0 | 2619 | December 14, 2021 | |
| Node.js Express integration causing strange behaviour | 2 | 3630 | September 5, 2019 |