I have a rule to add a custom scope if a certain condition is met, the code looks like this:
function (user, context, callback) {
if(something == true){
var scopes = context.accessToken.scope ? context.accessToken.scope : "";
scopes += user.app_metadata && user.app_metadata.scopes ? " "+user.app_metadata.scopes : "";
scopes += "customScope"; //we add in a default scope
context.accessToken.scope = scopes;
}
return callback(null, user, context);
}
However if I set this custom scope, in this manner, all other scopes are removed. This includes any scope (permissions) assigned directly to the user or assigned via roles.
How can I add an additional scope, while still allowing for any additional scopes to be handled by Auth0 as normal?