Skip to content
Advertisement

How can I set the scope to a http request in my app?

I would like to know how to set the scope to a http request in my Ionic App. We are using Hapi Framework for the Backend built with Node.JS. I’m working with a team so I don’t have enough knowledge on the server side since I’m working on the Ionic App.

Also, I’m setting a Bearer Token to the request header which is working fine. Below is my code.

Ionic App Http Request:

let params = { eventId: this.event_id, bearerToken: '' };  

let headers = new HttpHeaders();

headers.set('Content-Type', 'application/json');
headers.set('Authorization', `Bearer ${params.bearerToken}`);
headers.set('Scope', 'client');
console.log("Authorization bearer token: " + params.bearerToken);
//headers.append('scope', ['client']);
let options = { headers: headers, scope: 'client' };
return this.http
  .get(this.baseUrl + `getEventShops?eventId=${params.eventId}`, options)
  .pipe(map((response: any) => response)
    , catchError(this.handleError));

Node.JS Route Fragment:

exports.getEventShops = {
method: 'get',
path: '/event/getEventShops',
async handler(request) {
    const user = request.auth.credentials.userSession;
    let data = await shopController.getEventShops(request.query, user);
    return data;
},
config: {
    auth: {
        strategy: 'JwtAuth',
        scope: ['client']
    },
  ......

This is the error code I’m getting:

{
   "statusCode": 403,
   "error": "Forbidden",
   "message": "Insufficient scope"
}

I know the error is because I’m setting the scope the wrong way.

Answer

This is something that has to be set in the Bearer token, on the server side, not on the mobile one.

Advertisement