
Access Token scope issue



I’ve been struggling with auth-js bundle trying to get an access token with the following scopes: read:users and read:user_idp_tokens as mentioned on this answer and using audience: YOUR_AUTH0_DOMAIN/userinfo as documented here.

The thing is, regardless of the scopes I include, the obtained token will never include any of them, and I just checked that by copying the token and testing it here.

Am I missing something?


The answer you linked to mentions that you need to request those scopes when performing a client credentials grant; to my knowledge Auth0.js does not have a method for that as that library is mostly for browser-based usage and those applications would be unable to maintain the client secret required for that grant secret.

If you check this section of the node-auth0 library you’ll see an example to obtain a Management API token through that grant.


So, are you trying to say that client library (auth0-js) does not support all the scopes? Because that’s my problem, I need those scopes (read:users read:user_idp_tokens).


I solved this using a custom API for the configured audience, so by using YOUR_AUTH0_DOMAIN/userinfo as audience this will not work (can’t tell why), so I configured the API to Allow Skipping User Consent; if this option is not enabled, for some unknown reason I will get an error callback: ...#error=access_denied&error_description=User%20is%20not%20authorized.


It’s not the library; certain Management API scopes are only available when using the client credentials grant and Auth0.js is mostly to perform end-user based grants. So if you perform an end-user based flow/grant through Auth0.js targeting the Management API you won’t get those scopes; blame the grant not the library.
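
The check described in the question (comparing the scopes requested with the scopes the token actually carries) can be done locally. This is an added example, not part of any post in this thread and not Auth0's code; the function names and the sample token are constructed for illustration, and it assumes the access token is a JWT with a space-delimited `scope` claim.

```javascript
// Added example: compare requested scopes with what an access token carries.
// It only reads claims; it does NOT verify the signature, so use it for
// debugging a grant, never for an authorization decision.

function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Returns { granted, missing, audience }; throws if the token is not a JWT.
function checkScopes(accessToken, requestedScopes) {
  const parts = accessToken.split(".");
  if (parts.length !== 3) {
    throw new Error("access token is not a three-part JWT; scopes cannot be read from it");
  }
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    throw new Error("JWT payload is not valid JSON");
  }
  const granted = typeof claims.scope === "string" && claims.scope.trim() !== ""
    ? claims.scope.trim().split(/\s+/)
    : [];
  const missing = requestedScopes.filter((s) => !granted.includes(s));
  const audience = [].concat(claims.aud ?? []); // aud may be a string or an array
  return { granted, missing, audience };
}

// Constructed sample: an unsigned token shaped like the result of an
// end-user grant, where the Management API scopes were not granted.
const sampleToken = [
  b64urlEncode({ alg: "none", typ: "JWT" }),
  b64urlEncode({ aud: ["YOUR_AUTH0_DOMAIN/userinfo"], scope: "openid profile" }),
  "constructed-signature",
].join(".");

const requested = ["openid", "read:users", "read:user_idp_tokens"];
const result = checkScopes(sampleToken, requested);
console.log("granted:", result.granted.join(" "));
console.log("missing:", result.missing.join(" "));
```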