无法确定访问令牌的范围

问题描述 投票:0回答:1

我正在开发一个带有 React 前端和 NestJS 后端的 unity asset store。 授权是使用Auth0实现的。前端是单页应用程序 (SPA),而后端,如前所述,利用 JwtUserGuard 来检查令牌。

我基本上是在尝试创建一个验证用户 ID 的防护程序,以便为用户提供访问权限。以下是 RolesGuard:

@Injectable()
export class RolesGuard implements CanActivate {
    constructor(
        private readonly httpService: HttpService,
        private readonly reflector: Reflector,
        private readonly jwtService: JwtService,
    ) {
    }

    async canActivate(context: ExecutionContext) {
        const token = context.switchToHttp().getRequest().headers.authorization.replace('Bearer ', '');
        const sub = this.jwtService.decode(token).sub;
        
        const userRole = (await this.httpService.axiosRef.get(
            `https://_____________________/api/v2/users/${sub}/roles`,
            {
                headers: {'Authorization': `Bearer ${token}`}
            }
        ));
        
        const role = this.reflector.get<string>(ROLES_KEY, context.getHandler())[0];
        
        return role === userRole.data
    }
}

使用来自 Auth0 管理 API 的测试访问令牌一切正常,但是当我尝试从前端获取访问令牌时 (参考下面的index.js):

const root = ReactDOM.createRoot(document.getElementById('root'));
root.render(
    <Auth0Provider
        domain="{myDomain}"
        clientId="{myClientId}"
        authorizationParams={{
            redirect_uri: window.location.origin,
            audience: "https://{myDomain}/api/v2/",
            scope: "read:current_user update:current_user_metadata"
        }}
    >
        <App/>
    </Auth0Provider>
);

Profile.js

...
const accessToken = await getAccessTokenSilently({
                    authorizationParams: {
                        audience: `https://${domain}/api/v2/`,
                        scope: "read:current_user",
                    },
                });
...

并尝试将其传递到我的端点,我收到以下错误:

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "Insufficient scope, expected any of: read:users,read:roles,read:role_members",
    "errorCode": "insufficient_scope"
}

查看访问令牌范围可以发现以下内容:

"scope": "openid read:current_user update:current_user_metadata"

事实证明,

read:users,read:roles,read:role_members
必须添加到
authorizationParams
Auth0Provider
范围内。 这是首要问题。我尝试通过以下方式在此处添加范围:

const root = ReactDOM.createRoot(document.getElementById('root'));
root.render(
    <Auth0Provider
        domain="{myDomain}"
        clientId="{myClientId}"
        authorizationParams={{
            redirect_uri: window.location.origin,
            audience: "https://{myDomain}/api/v2/",
            scope: "read:current_user update:current_user_metadata read:users read:roles read:role_members"
        }}
    >
        <App/>
    </Auth0Provider>
);

但我的访问令牌范围保持不变。我真的不明白范围是如何工作的。我浏览了 auth0 文档来查找有关此问题的有用信息,但结果并没有多大帮助。

reactjs typescript oauth-2.0 scope nestjs
1个回答
0
投票

我也遇到同样的问题,请问你解决了吗?

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.