Can you try the following, please?
- Verify that the admin user has the right permissions.
- Log in as the admin user using an incognito/private browser tab.
Do you still see the same error?
The latest version of the express-jwt package stores the decoded jwt payload in “req.auth” not “req.user”. The express-jwt-authz looks for your scopes on the req.user object by default (which will be undefined). Try updating the “checkPermissions” function like this:
1 Like
Welcome to our community! That’s right! Let me take care of updating that. Thanks for taking the time to read the blog post and to share this fix.
2 Likes
I have followed the tutorial up until “Now that the authorization guards are in place, any attempt to create a new menu item directly using a non-admin access token results in failure:” When I login as an admin user I can see the add item and edit item buttons but it says “unauthorized”. If I log in as a regular user the buttons are gone. I had to set up the auth0 stuff as an action since rules are deprecated but unsure how to progress since it obviously sees my admin role and shows the buttons but won’t let me make any changes.