jsonwebtoken icon indicating copy to clipboard operation
jsonwebtoken copied to clipboard
verified publisher icon Keats

Feature Request: Validate scopes

Open c-thiel opened this issue 10 months ago • 1 comments

A common use-case, that currently requires custom code, is checking whether the token contains a specified scope. It would be great if scope checking could be added to the Validation.

c-thiel avatar Jan 29 '25 15:01 c-thiel

Do you have an example of what your scope checking looks like?

Keats avatar Jan 30 '25 10:01 Keats

scope isn't a standardized claim for JWTs per RFC 7519. It is standardized for OAuth 2.0 Token Exchange in RFC 8693, but jsonwebtoken is not an OAuth library. This seems like something better left to an OAuth 2.0 library built on top of jsonwebtoken.

dsykes16 avatar Oct 08 '25 00:10 dsykes16

Great point, for some reasons I thought it was in the JWT spec.

Keats avatar Oct 09 '25 07:10 Keats