Additional scopes when Authenticating via OIDC

abee · March 14, 2018, 7:01pm

Hi,

I am following the Web App > ASP.NET Core quick-start.

It uses Cookie and OIDC middleware. I am adding scopes to the OIDC authorisation request in order to be able to invoke the Management API. Such as:
// Configure the scope options.Scope.Clear(); options.Scope.Add(“openid”); options.Scope.Add(“profile”); options.Scope.Add(“read:users”); options.Scope.Add(“read:user_idp_tokens”);

I have added the ‘audience’ parameter to the management API as per the docs (but that doesn’t really matter here).
options.Events = new OpenIdConnectEvents { OnRedirectToIdentityProvider = context => { context.ProtocolMessage.SetParameter(“audience”, “xxxxxxxxxxxxxxxxx/api/v2/”);


                    return Task.FromResult(0);
                },

However the access token I receive back only contain the ‘openid profile’ scopes. Why do I not get back the other scopes. Is it possible to specify other scopes? Do I have to specific make a round-trip to explicitely ask for access token by means of posting a request to xxxxxxxxxxxxxxx/oauth/token?

What if a define custom scope to my own API’s? Will I not be able to get authorization for them with defined custom scopes?

ron1 · May 15, 2018, 6:19pm

I’m running into a similar problem. Scopes openid, email and profile work, but the scope ‘read:users’ is ignored and the access token I receive back is missing that scope.

ron1 · May 15, 2018, 6:24pm

then when I try to read users I get this reply:

{“statusCode”:403,“error”:“Forbidden”,“message”:“Insufficient scope, expected any of: read:users,read:user_idp_tokens”,“errorCode”:“insufficient_scope”}

ron1 · May 15, 2018, 8:54pm

If I use https://ampogee.auth0.com/api/v2/’ as an audience, it ignores the read:users in the scope

manickam · November 29, 2018, 5:18pm

I’m running into a similar problem. Scopes openid, email and profile work, but the scope ‘read:users’ is ignored and the access token I receive back is missing that scope.

James.Morrison · December 1, 2018, 2:09am

Hey there @manickam, do you mind sharing your scope setup when you get a free moment? Thanks in advance!

James.Morrison · December 5, 2018, 2:39pm

Following up @manickam and seeing if we can get a code snippet of your scope setup when you get a chance. Thanks!

James.Morrison · December 20, 2018, 2:40pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
scopes missing from id_token but present in access_token Help id_token	2	4000	March 2, 2018
Id token, IdP provided user information and the Authorization Extension Help authentication-api , profile , authorization-extens , login	2	4401	August 30, 2019
Scope not working for newer Clients/Lock (OIDC Conformant)? Help lock , scopes , oidc-conformant	5	5281	March 2, 2018
Trying to understand 'openid' in 'scope' field in authorize() method Help	2	6943	August 30, 2019
Azure API Management with Auth0 OIDC Help azure , auth0-api	5	4869	March 2, 2018

Additional scopes when Authenticating via OIDC

Related Topics