Willian

Reputation: 3405

Auth0 - Insufficient scope

I'm using Auth0 in my Node.js application and I'm facing an Insufficient scope error when trying to protect any routes in my app.

I've been searching for a while and I found a bunch of similar problems, but couldn't manage to find the solution.

Essentially, in my node app I have to protect a route as follows:

const checkScopes = jwtAuthz(['read:flights']);

However, I always receive an Insufficient scope error when adding the middleware to protect my route:

app.get('/api/permission', checkJwt, checkScopes, (req, res) => {
  res.send({
    msg: 'Your access token AND PERMISSION was successfully validated!'
  });
});

Could you help me please?

Upvotes: 2

Views: 1127

Answers (3)

Cole Stanfield

Reputation: 1

You have saved my sanity along with my business. God speed you.

Just to reiterate (with example)...

app.get('/test', jwtCheck, jwtAuthz(['read:generatedLeads'], { customScopeKey: "permissions", customUserKey: "auth" }),  (req, res) => {
    infoLogger.info(FILE_NAME, METHOD, "Health Check is passing...")
    res.status(200).send({health: "Token Accepted"})
})

Adding customUserKey: "auth" as part of the config for jwtAuthz resolved my issue with the "insufficient scope" error.

Upvotes: 0

Khanh Lam

Reputation: 21

You can try const checkScopes = jwtAuthz(['read:flights'], { customUserKey: "auth" });

By default, permissions are checked against req.user. However, I noticed in the latest version, req.user is undefined. Instead, the token is under req.auth.

Upvotes: 2

Rodolfo

Reputation: 181

You should include a second parameter called "customScopeKey"; this way Auth0 will use permission instead of scope to validate the user credentials.

Use this:

const checkScopes = jwtAuthz(['read:flights'], { customScopeKey: "permissions" });

instead of

const checkScopes = jwtAuthz(['read:flights']);

Upvotes: 2
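
The answers above change two things: which property of req the check reads (customUserKey) and which claim it reads (customScopeKey). The following is an added example, not code from any of the posts and not the jwtAuthz library's source: a simplified model of such a check, run against two constructed decoded tokens, showing which option combination passes for which token and request shape. The token contents, the function names scopeCheck and matrix, and the deny-on-missing behaviour are assumptions made for illustration.

```javascript
// Simplified model of the scope check (an assumption for illustration, not library source).
function scopeCheck(expected, options = {}) {
  const userKey = options.customUserKey || 'user';    // property of req holding the decoded token
  const scopeKey = options.customScopeKey || 'scope'; // claim holding the grants
  return function isAllowed(req) {
    const token = req[userKey];
    if (!token) return false;                 // no decoded token at that key: deny
    const claim = token[scopeKey];
    let granted;
    if (typeof claim === 'string') granted = claim.split(' '); // space-delimited scope string
    else if (Array.isArray(claim)) granted = claim;            // array claim such as permissions
    else return false;                        // claim absent or wrong type: deny
    return expected.some((s) => granted.includes(s));
  };
}

// Constructed decoded tokens (sample data, not from the page).
const rbacToken = { sub: 'auth0|sample', scope: 'openid profile', permissions: ['read:flights'] };
const scopeToken = { sub: 'auth0|sample', scope: 'openid read:flights' };

// Evaluate each configuration from the thread against both request shapes.
function matrix(token) {
  const need = ['read:flights'];
  const configs = {
    default: {},
    scopeKey: { customScopeKey: 'permissions' },
    userKey: { customUserKey: 'auth' },
    both: { customScopeKey: 'permissions', customUserKey: 'auth' },
  };
  const out = {};
  for (const [name, opts] of Object.entries(configs)) {
    out[name] = {
      reqUser: scopeCheck(need, opts)({ user: token }), // token attached at req.user
      reqAuth: scopeCheck(need, opts)({ auth: token }), // token attached at req.auth
    };
  }
  return out;
}

console.table(matrix(rbacToken));
console.table(matrix(scopeToken));
```

To see which row applies to a real deployment, log the decoded token in a test route and check whether it sits at req.user or req.auth and whether the grant is in scope or permissions.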
