I would like to know how to set the scope to a http request in my Ionic App. We are using Hapi Framework for the Backend built with Node.JS. I'm working with a team so I don’t have enough knowledge on the server side since I'm working on the Ionic App.
Also, I'm setting a Bearer Token to the request header which is working fine. Below is my code.
Ionic App Http Request:
let params = { eventId: this.event_id, bearerToken: '' };
let headers = new HttpHeaders();
headers.set('Content-Type', 'application/json');
headers.set('Authorization', `Bearer ${params.bearerToken}`);
headers.set('Scope', 'client');
console.log("Authorization bearer token: " params.bearerToken);
//headers.append('scope', ['client']);
let options = { headers: headers, scope: 'client' };
return this.http
.get(this.baseUrl `getEventShops?eventId=${params.eventId}`, options)
.pipe(map((response: any) => response)
, catchError(this.handleError));
Node.JS Route Fragment:
exports.getEventShops = {
method: 'get',
path: '/event/getEventShops',
async handler(request) {
const user = request.auth.credentials.userSession;
let data = await shopController.getEventShops(request.query, user);
return data;
},
config: {
auth: {
strategy: 'JwtAuth',
scope: ['client']
},
......
This is the error code I'm getting:
{
"statusCode": 403,
"error": "Forbidden",
"message": "Insufficient scope"
}
I know the error is because I'm setting the scope the wrong way.
CodePudding user response:
This is something that has to be set in the Bearer token, on the server side, not on the mobile one.