Auth0 Delegated Admin Dashboard Missing Scope Read:Users

I followed the guide here https://auth0.com/docs/extensions/delegated-admin/v3 but am getting Missing scope read:users instead of the dashboard.

What I have done:

  • Created a single page application and called it Users Dashboard
  • Given the Users Dashboard application a callback and logout URL as specified in the documentation
  • I already had a database connection from my application and I have the disable signups toggle enabled
  • I ensured that the Users Dashboard application only has the one database connection
  • I already had a user in the database connection
  • I created a role titled “Delegated Admin - User” and assigned it to the user in the database
  • I then created the following rule
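function (user, context, callback) {
  // The condition is always true, so the rule runs for every client.
  if (true) {
    const namespace = 'https://MY_TENANT.eu8.webtask.io/auth0-delegated-admin';
    // Copy the user's roles into a namespaced claim on the ID token.
    context.idToken[namespace] = {
      roles: (context.authorization || {}).roles
    };
  }
  callback(null, user, context);
}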

I then installed the delegated admin extension, giving it the client ID of the Users dashboard I created.

Then I clicked on the extension, logged in using the user credentials in the database and got the error:
Oh snap! An error occurred while loading the users list: Cannot perform action. Missing scope read:users

Hi @samrobbins85,

welcome to the community.

Oh snap! An error occurred while loading the users list: Cannot perform action. Missing scope read:users

Can you post a screenshot of what the error looks like? I want to see where exactly it occurs and what it looks like on screen.

Also, can you check if there’s any more info in the log details under Dashboard > Logs > Search?

Just based on the error message, I suggest checking one thing:

  1. get the client id of your application named auth0-delegated-admin
  2. go to Dashboard > APIs > Auth0 Management API > Test > copy/paste the token from there
  3. go to https://auth0.com/docs/api/management/v2#!/Client_Grants/get_client_grants
  4. copy the token from step 2 in the upper-left hand corner
  5. then enter the client id from step 1 into the client_id field under section “Get client grants” (see screenshot below)
  6. check in the result whether, for the Auth0 Management API, it actually has the read:users scope. (see screenshot below)

Or easier:

  1. Turn the auth0-delegated-admin from a “Generic” into a “Regular Web App” in the settings, then…
  2. …it will appear under Dashboard > APIs > Auth0 Management API > Machine to Machine
  3. and you can check its permissions from there:
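
The client-grants check in steps 1 to 6 above can also be scripted. The following is an added example, not part of the original reply and not Auth0's own code; the tenant domain `my-tenant.example`, the client IDs and the sample grant data are constructed placeholders.

```javascript
// Added example, not from the thread. The tenant domain, client IDs and
// SAMPLE_GRANTS are constructed placeholders.
const REQUIRED_SCOPES = ['read:users']; // the scope named in the error message

// Identifier (audience) of a tenant's Management API.
function managementAudience(tenantDomain) {
  return `https://${tenantDomain}/api/v2/`;
}

// Pure check over the JSON array returned by GET /api/v2/client-grants.
// Returns whether a grant exists for (clientId, audience) and which of the
// required scopes it lacks.
function auditGrants(grants, clientId, audience, required = REQUIRED_SCOPES) {
  const grant = grants.find(
    (g) => g.client_id === clientId && g.audience === audience
  );
  if (!grant) return { granted: false, missing: [...required] };
  const have = new Set(grant.scope || []);
  return { granted: true, missing: required.filter((s) => !have.has(s)) };
}

// Live lookup (Node 18+ for global fetch). mgmtToken is the test token from
// step 2 and needs read:client_grants to call this endpoint.
async function fetchGrants(tenantDomain, mgmtToken, clientId) {
  const url = new URL('/api/v2/client-grants', `https://${tenantDomain}`);
  url.searchParams.set('client_id', clientId);
  const res = await fetch(url, {
    headers: { Authorization: `Bearer ${mgmtToken}` },
  });
  if (!res.ok) throw new Error(`client-grants lookup failed: HTTP ${res.status}`);
  return res.json();
}

// Constructed sample response: the first client lacks read:users.
const TENANT = 'my-tenant.example';
const SAMPLE_GRANTS = [
  { id: 'cgr_1', client_id: 'CLIENT_A', audience: managementAudience(TENANT),
    scope: ['read:clients', 'read:connections'] },
  { id: 'cgr_2', client_id: 'CLIENT_B', audience: managementAudience(TENANT),
    scope: ['read:users', 'update:users'] },
];

console.log(auditGrants(SAMPLE_GRANTS, 'CLIENT_A', managementAudience(TENANT)));
```

With a real token, the array returned by `fetchGrants` is what `auditGrants` takes as its first argument.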

I tried the second option you gave but got the same error. It looks like this:

I checked the logs and there were no failed requests