Why it is possible to make a request without access_token on Execute Authorization Policy request #198
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
In Auth0 Authorization Extension documentation access_token is mentioned as required, but in Rule generated by this extension allows to request using just header's x-api-key property for /api/users/{user_id}/policy/{client_id} endpoint:
request.post({ url: EXTENSION_URL + "/api/users/" + user.user_id + "/policy/" + context.clientID, headers: { "x-api-key": "{x-api-key}" }, json: { connectionName: context.connection || user.identities[0].connection, groups: user.groups }, timeout: 5000 }, cb);The text was updated successfully, but these errors were encountered: