Closed mmaedler closed 3 years ago
@mmaedler notice the key scope_key has a typo. The correct key is scopes_key. So, since the component is not informed of the name of the claim containing the scopes, it doesn't validate the scopes.
https://www.krakend.io/docs/authorization/jwt-validation/#jwt-validation-settings
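The failure mode named in the reply above (a misspelled setting is ignored and the scope check never runs) can be caught before deployment by linting the config. The following is an added example, not part of this thread or of KrakenD itself; the key allow-list, the namespace names and the sample config are assumptions or constructed values.

```python
import difflib

# Assumption: partial allow-list of JWT validator settings, based on the
# KrakenD docs page linked above; extend it to match your KrakenD version.
KNOWN_KEYS = {"alg", "jwk_url", "cache", "audience", "issuer", "roles",
              "roles_key", "scopes", "scopes_key", "scopes_matcher",
              "disable_jwk_security"}
# Assumption: namespaces under which the validator is configured.
NAMESPACES = ("auth/validator", "github.com/devopsfaith/krakend-jose/validator")


def lint_validator(settings):
    """Return findings for one JWT validator settings object."""
    findings = []
    for key in sorted(set(settings) - KNOWN_KEYS):
        close = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
        hint = f" (did you mean '{close[0]}'?)" if close else ""
        findings.append(f"unknown key '{key}'{hint}")
    # Fail-open case from the thread: scopes are listed, but the claim that
    # carries them is never named, so no scope check takes place.
    if settings.get("scopes") and not settings.get("scopes_key"):
        findings.append("'scopes' set without 'scopes_key': scopes are not validated")
    return findings


def lint_config(config):
    """Map each endpoint path to the findings for its validator block."""
    report = {}
    for endpoint in config.get("endpoints", []):
        extra = endpoint.get("extra_config", {})
        for ns in NAMESPACES:
            if ns in extra:
                found = lint_validator(extra[ns])
                if found:
                    report[endpoint.get("endpoint", "?")] = found
    return report


# Constructed sample config (not the reporter's file).
SAMPLE = {"endpoints": [
    {"endpoint": "/orders", "extra_config": {"auth/validator": {
        "alg": "RS256", "scopes": ["read:orders"], "scope_key": "scope"}}},
    {"endpoint": "/items", "extra_config": {"auth/validator": {
        "alg": "RS256", "scopes": ["read:items"], "scopes_key": "scope"}}},
]}

if __name__ == "__main__":
    for path, found in lint_config(SAMPLE).items():
        print(path, found)
```

Running a check like this in CI turns a silent fail-open into a build failure.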
D'oh. Thank you so much. Guess what: now it works. Sorry for bothering.
Describe what are you trying to do

I am implementing a POC based on Krakend showcasing machine-to-machine communication. For that I use Auth0's client credentials flow to obtain a JWT for my client to be able to authorize and to consume APIs behind Krakend.
Since one requirement is that we have multiple consumers with different permissions I want to use the scopes feature to handle and validate those.
Your configuration file
The resulting JWT has the following scopes set:
Therefore I would expect the request to be terminated at the gateway with an HTTP 403. However, that isn't the case — the request gets forwarded to my backend and the response is returned.
Am I doing something wrong here?