Auth0 Application API Quickstart Doesn't Work - Missing Scopes

Hi,

I’ve got the authentication quick start working for my React SPA and that all works fine. The next step is securing my web api layer.

I download the API quickstart, which comes with my details pre-loaded (e.g. audience), but it fails, in that the service that requires authorization returns a 401. If I debug, it appears that the authentication response from Auth0 doesn’t have all the requested scopes, only ‘openid profile’. I can add ‘email’ to that but that is it. The custom scopes, e.g. ‘read:messages’, are not there. When I first logged in, the Auth0 login followed with a screen to ask if the tenant could get access to the scopes. If I go to the dashboard for this user and look at authorized applications for the correct audience, it has the correct scopes that the SPA app wants.

I’ve looked at the access_token in jwt.io and there is nothing that looks like scope in there.

I tried adding the Authorization extension, created permissions with the same name as the scopes and I can see the roles now loaded as ‘app_metadata’ in my user JSON. However, that doesn’t make a difference.

  1. Why isn’t the authentication result returning the scopes I requested?
  2. How do I easily associate a specific user with those scopes (maybe this will be resolved with question 1)? I assume this means rules?
  3. I could look at writing my own rule to add a scope but it isn’t clear what data I should add and what it should look like. What does a scope structure look like on a user? I’d even be happy adding a scope manually to my user for the time being.

Thanks for your time.

Hey @gtb

As it has been more than a few months since this topic was opened, and there has been no reply or further information provided from the community as to the existence of the issue, we would like to check if you are still facing the described challenge.

We are more than happy to assist in any way! If the issue is still out there, please let us know so we can create a new thread for better visibility; otherwise we’ll close this one in a week’s time.

Thank you!

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.