Expand my Community achievements bar.

SOLVED

What are MetaScopes and how can I find what I need to add?

Avatar

Level 2

I have been using this example using `@adobe/jwt-auth` to try and authenticate my external service to invoke my Project Firefly app.

My config is like...

 

export default {
  credentials: {
    clientId : 'client id',
    technicalAccountId : 'account id',
    orgId : 'org',
    clientSecret : 'secret',
    metaScopes : 'ent_user_sdk', // This comes from the example
    privateKey : '-----BEGIN PRIVATE KEY-----\n' +
      'My Private Key/n' +
      '-----END PRIVATE KEY-----\n',
  },
};

 

When I try to auth now I get the error...
The metascopes in the JWT are not a subset of the metascopes in the binding
I'm not actually sure what a metascope is and how I can find which metascopes are valid.
Thanks
Oliver
Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Employee

Hi @oliverf82757722 - for JWT token handling, we recommend to use @adobe/aio-lib-ims which is supported by Project Firefly. As a side note, regardless of the JWT library being used, it's important that your action in that case should not be exposed as a web action, which makes it accessible to the public.

W.r.t. meta scopes, you should put them in an array, e.g. `metaScopes : ['ent_user_sdk']`.

View solution in original post

8 Replies

Avatar

Level 2
The rubber duck effect works again. About 2 mins after writing this I went back to the docs to keep looking and stumbled upon the list of metascopes here... https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/Scopes.md And now it's working Thanks

Avatar

Correct answer by
Employee

Hi @oliverf82757722 - for JWT token handling, we recommend to use @adobe/aio-lib-ims which is supported by Project Firefly. As a side note, regardless of the JWT library being used, it's important that your action in that case should not be exposed as a web action, which makes it accessible to the public.

W.r.t. meta scopes, you should put them in an array, e.g. `metaScopes : ['ent_user_sdk']`.

Avatar

Level 2
Ah excellent thanks. I'll update to that. I used that following the code sample here... https://www.adobe.io/content/udp/en/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/... WIll update to the aio-lib-ims though. Thanks

Avatar

Level 2
Hi @duypnguyen please could you provide a link to some docs or sample code for using the aio-lib-ims framework. Thanks

Avatar

Level 2
Hi @duypnguyen I've moved over to use the aio-lib-ims framework and now I'm getting the error again of 'The metascopes in the JWT are not a subset of the metascopes in the binding.' I have found the list of metascopes in the link I provided but I'm just not sure how to discover what the "metascopes in the binding" are? My current array is ['https://ims-na1.adobelogin.com/s/ent_adobeio_sdk'] (which was working before) but that was just a guess. Please could you help me in discovering which metascopes I have in the binding? Thanks

Avatar

Level 2
Oh! I read the fine print again. The sample code uses @adobe/jwt-auth which has metascopes as URLs. The `aio-lib-ims` framework has metascopes as names (so just the last part of the URL). Fixed now. Thanks Slowly getting there

Avatar

Employee
glad to hear it worked Not sure why the jwt-auth one requires the whole URL, but yes the aio-lib-ims only requires the scope name. That's the array you usually get by downloading the workspace details JSON from Adobe Developer Console.