Add scopes to bearer token

evert · September 27, 2021, 1:14pm

I have successfully created an Angular SPA which communicates with a REST backed. For this backend, I created Permission (aka Scopes) like “read:persons”, “edit:persons” ect.

I also created a small C# program for which I like to do some testing with the REST backend. So I copied code from the auth0 ‘Test’ tab of my API application to get a token. This generates the following code for me:

var client = new RestClient("https://dev-<my auth0-url>.com/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"client_id\":\"<my-auth0-id>\",\"client_secret\":\"<my-auth-secret>\",\"audience\":\"<my-auth0-audience>\",\"grant_type\":\"client_credentials\"}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Now, when I embed this code into my console application the scopes are missing from this token. It is not clear how to add these to the token, I tried adding something like:

 \"scope\":\"read:persons\"

but this fails.

How can I add the scope?

dan.woda · September 27, 2021, 9:04pm

Hi @evert,

Have you granted API access and assigned scopes to your C# application in the dashboard?

evert · September 29, 2021, 7:07am

Ah, I now see, it does not work this way, copying the generated C# code from the ‘Test’ tab. I started over and created a small test Windows UWP application and this works. I only needed to supply the scopes on creation in and the audience when logging in. Here is the code of the UWP view, maybe it helps others because the documentation is not obvious on this point (or I cannot find it):

Constructor:
public YourConstructor
{
  _client = new Auth0Client(new Auth0ClientOptions
  {
         Domain = "<your domain>",
         ClientId = "<your client id>",
         Scope = "openid email profile read:persons edit:persons <etcetera>" 
  });
}

Signin Button:
private async void SignIn_Click(object sender, RoutedEventArgs e)
{
    LoginResult loginResult = await _client.LoginAsync(new
    {
          audience = "https://<your audience>" //This is the identifier of your REST API
    }); 
    if (loginResult.IsError) return;

}

dan.woda · September 29, 2021, 10:20pm

Thanks for providing your solution!

Topic		Replies	Views
Two different token fetched via swagger and python Get Help apis , application	4	1203	May 31, 2023
Adding API scopes to google-oauth2 token Get Help jwt , auth0 , social-connections , scopes , login	2	6552	July 25, 2019
SPA + C# Web API Authorizing API with SPA access_token Get Help lock , jwt , auth0 , api	2	4207	July 25, 2019
Auth0 adding scopes for an API Get Help scopes , access-token , tokens	2	4569	March 2, 2018
Add custom scopes in the access token ( Authorization code flow with OIDC provider) Get Help	9	27510	June 24, 2022

Add scopes to bearer token

Related topics