Hello everyone,
I read these topics [ Updating Application Scopes via API ; I can not set API permissions from Postman ] but couldn’t understand how to solve my problem.
I’m simply trying to add more items to the scope list, but unfortunately, I keep returning this message below.
{
"statusCode": 400,
"error": "Bad Request",
"message": "Payload validation error: 'Additional properties not allowed: scopes'.",
"errorCode": "invalid_body"
}
I noticed that you prefer to send some request examples as well. Below is an example request.
curl -L -X PATCH 'https://my-tenant.eu.auth0.com/api/v2/resource-servers/{resource_server_id}' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer MyValidToken' \
-d '{"scopes":[{"description":"Read Client Grants","value":"read:client_grants"},{"value":"read:permissions","description":"Test to add Read Permission Scope"}]}'
I’ve already tried to fully populate the object presented in the API example in the documentation here. And even then, it was not possible.
I think that problem is because I’m using an Application of type “Machine to Machine” but, I’m not sure.
Can someone kindly help me?
Some Possible Causes:
- Incorrect API endpoint or payload format.
- “Machine to Machine” application type may have limitations.
Solution:
- Endpoint: Make sure you’re using the correct endpoint for updating the Resource Server.
- Payload: Ensure the payload is in the correct format as per Auth0 documentation.
Here’s a revised curl
command:
curl -X PATCH 'https://my-tenant.eu.auth0.com/api/v2/resource-servers/{resource_server_id}' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer MyValidToken' \
-d '{
"name": "your_resource_server_name",
"identifier": "your_resource_server_identifier",
"scopes": [
{"value": "read:client_grants", "description": "Read Client Grants"},
{"value": "read:permissions", "description": "Read Permissions"}
]
}'
-
Machine to Machine: If you’re using a Machine to Machine application, verify if it has limitations on modifying scopes.
-
Token: Make sure the token (MyValidToken
) has the necessary permissions to update the Resource Server.
-
Logs: Check Auth0 logs for more details on the error.
If the issue persists, consider reaching out to Auth0 support.
1 Like
Hi @suchislife801
I tried using your suggestion above and then
{
"statusCode": 400,
"error": "Bad Request",
"message": "Payload validation error: 'Additional properties not allowed: identifier'.",
"errorCode": "invalid_body"
}
I tried following the example from Auth0 API Documentation.
I only filled in the fields that are in the documentation and even so it returns the error message saying that the fields are invalid.
{
"statusCode": 400,
"error": "Bad Request",
"message": "Payload validation error: 'Additional properties not allowed: scopes,name'.",
"errorCode": "invalid_body"
}
// When I tried the complete object as documentation
"message": "Payload validation error: 'Additional properties not allowed: scopes,signing_alg,token_lifetime_for_web,allow_offline_access,name'.",
I also looked in the ‘Logs’ and there are no logs being written about this issue…
I tried by ‘Postman’ and there are no logs as well.
Seriously, I don’t know why this is happening!
And about the Limitations take a look on this screen.
What do you think about it?