Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

What are MetaScopes and how can I find what I need to add?

oliverf82757722
Level 2
Level 2

I have been using this example using `@adobe/jwt-auth` to try and authenticate my external service to invoke my Project Firefly app.

My config is like...

 

export default {
  credentials: {
    clientId : 'client id',
    technicalAccountId : 'account id',
    orgId : 'org',
    clientSecret : 'secret',
    metaScopes : 'ent_user_sdk', // This comes from the example
    privateKey : '-----BEGIN PRIVATE KEY-----\n' +
      'My Private Key/n' +
      '-----END PRIVATE KEY-----\n',
  },
};

 

When I try to auth now I get the error...
The metascopes in the JWT are not a subset of the metascopes in the binding
I'm not actually sure what a metascope is and how I can find which metascopes are valid.
Thanks
Oliver
1 Accepted Solution
duypnguyen
Correct answer by
Employee
Employee

Hi @oliverf82757722 - for JWT token handling, we recommend to use @adobe/aio-lib-ims which is supported by Project Firefly. As a side note, regardless of the JWT library being used, it's important that your action in that case should not be exposed as a web action, which makes it accessible to the public.

W.r.t. meta scopes, you should put them in an array, e.g. `metaScopes : ['ent_user_sdk']`.

View solution in original post

8 Replies
oliverf82757722
Level 2
Level 2
The rubber duck effect works again. 😄 About 2 mins after writing this I went back to the docs to keep looking and stumbled upon the list of metascopes here... https://www.adobe.io/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/JWT/Scopes.md And now it's working 😄 Thanks
duypnguyen
Correct answer by
Employee
Employee

Hi @oliverf82757722 - for JWT token handling, we recommend to use @adobe/aio-lib-ims which is supported by Project Firefly. As a side note, regardless of the JWT library being used, it's important that your action in that case should not be exposed as a web action, which makes it accessible to the public.

W.r.t. meta scopes, you should put them in an array, e.g. `metaScopes : ['ent_user_sdk']`.

View solution in original post

oliverf82757722
Level 2
Level 2
Ah excellent thanks. I'll update to that. I used that following the code sample here... https://www.adobe.io/content/udp/en/authentication/auth-methods.html#!AdobeDocs/adobeio-auth/master/... WIll update to the aio-lib-ims though. Thanks
oliverf82757722
Level 2
Level 2
Hi @duypnguyen please could you provide a link to some docs or sample code for using the aio-lib-ims framework. Thanks
oliverf82757722
Level 2
Level 2
Hi @duypnguyen I've moved over to use the aio-lib-ims framework and now I'm getting the error again of 'The metascopes in the JWT are not a subset of the metascopes in the binding.' I have found the list of metascopes in the link I provided but I'm just not sure how to discover what the "metascopes in the binding" are? My current array is ['https://ims-na1.adobelogin.com/s/ent_adobeio_sdk'] (which was working before) but that was just a guess. Please could you help me in discovering which metascopes I have in the binding? Thanks
oliverf82757722
Level 2
Level 2
Oh! I read the fine print again. The sample code uses @adobe/jwt-auth which has metascopes as URLs. The `aio-lib-ims` framework has metascopes as names (so just the last part of the URL). Fixed now. Thanks 😄 Slowly getting there 🙂
duypnguyen
Employee
Employee
glad to hear it worked 🙂 Not sure why the jwt-auth one requires the whole URL, but yes the aio-lib-ims only requires the scope name. That's the array you usually get by downloading the workspace details JSON from Adobe Developer Console.