Node.js and TypeScript Tutorial: Secure an Express API

Can you try the following, please?

  • Verify that the admin user has the right permissions.
  • Log in as the admin user using an incognito/private browser tab.

Do you still see the same error?

The latest version of the express-jwt package stores the decoded JWT payload in “req.auth”, not “req.user”. The express-jwt-authz package looks for your scopes on the req.user object by default (which will be undefined). Try updating the “checkPermissions” function like this:

1 Like
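An added example, not part of the original post and not the tutorial's or either package's own code: a simplified TypeScript stand-in for the permission check. It shows why every request is denied when the check reads `req.user` while the decoded payload sits on `req.auth`. The `userKey` parameter, the permission strings and the request object are constructed for illustration; in express-jwt-authz the corresponding option is `customUserKey`.

```typescript
// Simplified stand-in for the permission check; NOT express-jwt-authz itself.
type Claims = { permissions?: unknown };
// The decoded payload may be on req.auth (recent express-jwt) or req.user (older).
type Req = { user?: Claims; auth?: Claims };
type Decision = { allowed: boolean; reason: string };

// Hypothetical signature: userKey plays the role of express-jwt-authz's
// customUserKey option and defaults to "user", as that library does.
function checkPermissions(required: string[], userKey: "user" | "auth" = "user") {
  return (req: Req): Decision => {
    const claims = req[userKey];
    if (!claims) {
      // Fail closed: no decoded token where we look means no access.
      return { allowed: false, reason: `req.${userKey} is undefined` };
    }
    const granted: string[] = Array.isArray(claims.permissions)
      ? claims.permissions.filter((p: unknown): p is string => typeof p === "string")
      : [];
    // Every required permission must be present.
    const missing = required.filter((p) => granted.indexOf(p) === -1);
    return missing.length === 0
      ? { allowed: true, reason: "all required permissions present" }
      : { allowed: false, reason: `missing: ${missing.join(", ")}` };
  };
}

// Constructed request, shaped as the reply above describes: payload on req.auth.
const adminRequest: Req = {
  auth: { permissions: ["create:items", "update:items", "delete:items"] },
};

// Default key: denied even for the admin, because req.user was never set.
const withDefaultKey = checkPermissions(["create:items"])(adminRequest);
// Key pointed at req.auth: the admin's permissions are found.
const withAuthKey = checkPermissions(["create:items"], "auth")(adminRequest);
// Still denied when a required permission is genuinely absent.
const missingPermission = checkPermissions(["read:reports"], "auth")(adminRequest);
```

The `reason` string distinguishes a misconfigured key (`req.user is undefined`) from a real authorization failure (`missing: ...`), which is the distinction to log when an admin account is unexpectedly rejected.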

Welcome to our community! That’s right! Let me take care of updating that. Thanks for taking the time to read the blog post and to share this fix.

2 Likes