Adobe Developer

oliverf82757722 · 9/25/20

I have been using this example using `@adobe/jwt-auth` to try and authenticate my external service to invoke my Project Firefly app.

My config is like...

export default {
  credentials: {
    clientId : 'client id',
    technicalAccountId : 'account id',
    orgId : 'org',
    clientSecret : 'secret',
    metaScopes : 'ent_user_sdk', // This comes from the example
    privateKey : '-----BEGIN PRIVATE KEY-----\n' +
      'My Private Key/n' +
      '-----END PRIVATE KEY-----\n',
  },
};

When I try to auth now I get the error...
The metascopes in the JWT are not a subset of the metascopes in the binding

I'm not actually sure what a metascope is and how I can find which metascopes are valid.
Thanks

Oliver

duypnguyen · 9/25/20

Hi @oliverf82757722 - for JWT token handling, we recommend to use @adobe/aio-lib-ims which is supported by Project Firefly. As a side note, regardless of the JWT library being used, it's important that your action in that case should not be exposed as a web action, which makes it accessible to the public.

W.r.t. meta scopes, you should put them in an array, e.g. `metaScopes : ['ent_user_sdk']`.

View solution in original post

oliverf82757722 · 9/25/20

The rubber duck effect works again. About 2 mins after writing this I went back to the docs to keep looking and stumbled upon the list of metascopes here... https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/Scopes.md And now it's working Thanks

duypnguyen · 9/25/20

Hi @oliverf82757722 - for JWT token handling, we recommend to use @adobe/aio-lib-ims which is supported by Project Firefly. As a side note, regardless of the JWT library being used, it's important that your action in that case should not be exposed as a web action, which makes it accessible to the public.

W.r.t. meta scopes, you should put them in an array, e.g. `metaScopes : ['ent_user_sdk']`.

oliverf82757722 · 9/25/20

Ah excellent thanks. I'll update to that. I used that following the code sample here... https://www.adobe.io/content/udp/en/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/... WIll update to the aio-lib-ims though. Thanks

oliverf82757722 · 9/25/20

Hi @duypnguyen please could you provide a link to some docs or sample code for using the aio-lib-ims framework. Thanks

duypnguyen · 9/25/20

Hi Oliver - yes you can read the docs here: https://github.com/adobe/aio-lib-ims

oliverf82757722 · 9/25/20

Hi @duypnguyen I've moved over to use the aio-lib-ims framework and now I'm getting the error again of 'The metascopes in the JWT are not a subset of the metascopes in the binding.' I have found the list of metascopes in the link I provided but I'm just not sure how to discover what the "metascopes in the binding" are? My current array is ['https://ims-na1.adobelogin.com/s/ent_adobeio_sdk'] (which was working before) but that was just a guess. Please could you help me in discovering which metascopes I have in the binding? Thanks

oliverf82757722 · 9/25/20

Oh! I read the fine print again. The sample code uses @adobe/jwt-auth which has metascopes as URLs. The `aio-lib-ims` framework has metascopes as names (so just the last part of the URL). Fixed now. Thanks Slowly getting there

duypnguyen · 9/25/20

glad to hear it worked Not sure why the jwt-auth one requires the whole URL, but yes the aio-lib-ims only requires the scope name. That's the array you usually get by downloading the workspace details JSON from Adobe Developer Console.

Adobe Developer

What are MetaScopes and how can I find what I need to add?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe