
auth0-lock v11.2 sso is not working



auth0-lock calls the /authorize endpoint to fetch SSO data.
Although in lock config I specify the scope: 'openid'

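const lock = new Auth0LockPasswordless(
  'YOUR_CLIENT_ID',     // placeholder: client ID is not shown in the post
  'YOUR_AUTH0_DOMAIN',  // placeholder: tenant domain is not shown in the post
  {
    container: 'lock-container',
    auth: {
      autoParseHash: false,
      redirect: false,
      params: {scope: 'openid'}  // scope set in the Lock config
    }
  }
);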

I see the request id_token&redirect_uri=http://localhost:3000/signin&scope=openid profile email&state=Qi9dIm2Xas-XoChMi~cTM1JY-MMinY-Y&nonce=u9hteNLakSoxy-O31FcHSfCqzqUBLjfl&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoibG9jay5qcyIsInZlcnNpb24iOiIxMS4yLjMiLCJsaWJfdmVyc2lvbiI6IjkuMi4zIn0=

scope=openid profile email
It results in an error:

   "error_description":"The generated token is too large. Try with more specific scopes.",

How can I change the scope in the sso request?


Can you check if your client is OIDC conformant? You can check it in the client’s settings in the dashboard, selecting your client and then scrolling down and clicking Show Advanced Settings. Under the OAuth tab there is an OIDC Conformant switch. In older non-OIDC Conformant clients, the id token will contain all the user profile, which may trigger this "The generated token is too large." error. You can try enabling OIDC for your client, which will only return the standard claims back in the token and will not trigger this error.

You can read more about it here:
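The size difference described in the answer, as an added example that is not part of the original thread or Auth0's code: it reads the scope from the /authorize query in the question and compares a payload carrying the whole user profile with one limited to the standard claims that OpenID Connect Core section 5.4 assigns to those scopes. The user profile, the trimmed query and all function names are constructed for illustration.

```javascript
// Standard claims per scope, from OpenID Connect Core section 5.4.
const SCOPE_CLAIMS = {
  profile: ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
    'preferred_username', 'profile', 'picture', 'website', 'gender',
    'birthdate', 'zoneinfo', 'locale', 'updated_at'],
  email: ['email', 'email_verified'],
  address: ['address'],
  phone: ['phone_number', 'phone_number_verified'],
};

// Pull the space-separated scope list out of an /authorize query string.
function requestedScopes(query) {
  const scope = new URLSearchParams(query).get('scope') || '';
  return scope.split(/\s+/).filter(Boolean);
}

// Profile claims a standard-claims-only ID token would carry for these scopes.
function oidcClaims(profile, scopes) {
  if (!scopes.includes('openid')) return {};
  const out = { sub: profile.sub };
  for (const c of scopes.flatMap((s) => SCOPE_CLAIMS[s] || [])) {
    if (c in profile) out[c] = profile[c];
  }
  return out;
}

// Bytes of the JSON-serialized claims (before base64url encoding and signing).
function claimBytes(claims) {
  return Buffer.byteLength(JSON.stringify(claims), 'utf8');
}

// Constructed sample data: query trimmed from the request in the question,
// and a hypothetical user profile with bulky custom metadata.
const SAMPLE_QUERY = 'scope=openid profile email&response_mode=web_message&prompt=none';
const SAMPLE_PROFILE = {
  sub: 'email|000000000000', name: 'user@example.com', nickname: 'user',
  picture: 'https://example.com/a.png', email: 'user@example.com', email_verified: true,
  app_metadata: { roles: Array.from({ length: 200 }, (_, i) => `role-${i}`) },
  identities: [{ provider: 'email', connection: 'email', isSocial: false }],
};

// "fullProfileBytes" models the legacy behaviour the answer describes.
function compare(query = SAMPLE_QUERY, profile = SAMPLE_PROFILE) {
  const scopes = requestedScopes(query);
  const conformant = oidcClaims(profile, scopes);
  return { scopes, kept: Object.keys(conformant),
    fullProfileBytes: claimBytes(profile), oidcBytes: claimBytes(conformant) };
}

console.log(compare());
```

Custom fields such as `app_metadata` and `identities` are what inflate the full-profile payload; none of them map to a standard scope, so they drop out of the filtered one.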