I have added a permission to my API under the permissions tab (XXXX:test) an in my actual api (in AWS) I have provided XXXX:test as a scope to the JWT verifier. Adding XXXX:test to my machine to machine client works well, tho when ever a user signs up (or logs in) the
a) user consent never shows XXXX:test
b) the returned scopes in the access token never have XXXX:test
following all the steps in Sample Use Cases: Scopes and Claims never add the custom scope to my access token
I don’t really want to resort to hard coding a scope in a rule (I was not successful anyway) tho I can not for the life if me get the scope into my access token. Any pointers will be helpfull
Here is a request to auth0 pkce flow we are making
AuthorizationRequest {crypto: NodeCrypto, usePkce: true, clientId: “CCCC”, redirectUri: “http://127.0.0.1:8000”, scope: “openid offline_access profile email XXXX:test”, …}
clientId:“CCCC”
crypto:NodeCrypto {}
extras:{prompt: “consent”, access_type: “offline”, audience: “https://UUUU.com”, code_challenge: “-Dmmmm”, code_challenge_method: “S256”}
internal:{code_verifier: “someVerfiyer”}
redirectUri:“http://127.0.0.1:8000”
responseType:“code”
scope:“openid offline_access profile email XXXX:test”
state:“someState”
usePkce:true
also, I attempted to use the example provided
https://my-company.us.auth0.com/authorize?response_type=code&client_id=myCllientId&redirect_uri=http://myredirect&scope=openid%20profile%20email%20XXXX:test&state=myState
and got a 404
so now I am really confused