Auth0 Home Blog Docs

1 Website, 2 Facebook Login Button with different permissions: Is this possible?

We have a website www.website.com. There are two user types:

Type 1 “Normal User” logs in at www.website.com/login
We need just the basic facebook profile permissions

Type 2 “Special User” logs in at www.website.com/vip
We need to ask for elevated / extra privileges, like ads_management

Type 1 users should not be prompted for ads_management permission.

Sometimes, Type 2 users will use the button at /login which asks for the minimum set of privileges. Type 1 users will never use the /vip button.

How can we set the permissions required on a per-login-button basis versus setting them in the Auth0 UI?

You should go through the reference documentation available at (https://auth0.com/docs/connections/adding-scopes-for-an-external-idp#2-pass-scopes-to-authorize-endpoint). If you already tried that without success then you may need to provide additional information.

We’ve tried passing connection_scope but it doesn’t appear to work as documented. The elevated scopes appear fine when we add them to the Facebook App configuration within Auth0 ui

The ideal data to troubleshoot the situation with connection scopes not working would be for you to provide an HTTP trace containing all the requests since the initial authentication request until you land on a Facebook URL.

There’s instructions at (https://auth0.com/docs/troubleshoot/har) and you don’t need to actually authenticate as just seeing what scopes reach Facebook should be enough, nonetheless, be sure to redact any information you deem sensitive before sharing an HAR publicly.