Hello, I’m using "@auth0/auth0-angular": "^2.2.1"
and following the Quick Start tutorial I’ve added the following in the app.module.ts
AuthModule.forRoot({
domain: '<auth0 domain>',
clientId: '<client id>',
authorizationParams: {
redirect_uri: window.location.origin,
audience: '<auth0 audience>',
scope: 'openid read:current_user read:positions read:skill_tests'
},
...
When the login request happens using the this.auth.loginWithRedirect()
I can see the scopes being set correctly in the request:
But then the token returned doesn’t have all the scopes that were requested.
Moreover, when I try to call the API that has the missing two scopes from above, I get an error:
ERROR Error: Consent required
I’m using the library’s httpInteceptor
AuthModule.forRoot({
...
httpInterceptor: {
allowedList: [
{
uri: 'http://127.0.0.1:4201/*',
tokenOptions: {
authorizationParams: {
audience: '<api audience>',
scope: 'read:positions read:skill_tests'
}
}
}
]
...
The Permissions are set correctly in the Custom API, the RBAC Settings are both on, and when using the Test “ask auth0 for token for my application” and “sending the token to the API” it works correctly and I can see the permissions being set.
The User has both of the permissions required in his profile.