Auth0-react is not accepting scopes

I’m using auth0-react in my application to authenticate users. I’m trying to get the refresh token, but every time I add the scope, it’s getting overwritten by the default scopes.
Here’s the provider data

        <Auth0Provider
          domain={ENVIRONMENT}
          clientId={ENVIRONMENT}
          authorizationParams={{
            redirect_uri:  CALLBACK_URL,
            audience: ENVIRONMENT,
            scope: 'openid profile email offline_access',
          }}
        >

Here’s the loginWithRedirect

      loginWithRedirect({
        authorizationParams: { scope: 'openid profile email offline_access' },
      }).catch(console.error);

and here is getting access token

        accessToken = await getAccessTokenSilently({
          timeoutInSeconds: 1,
          authorizationParams: { scope: 'openid profile email offline_access' },
        });

Whenever I send the request, it’s always without the offline_access scope.

I also have the refresh token enabled for the app

image776×429 21.9 KB

Hey there @omar.muhtaseb welcome to the community!

Interesting Does setting useRefreshTokens={true} in Auth0Provider cause the offline_access scope to be included?

I added that as well

But it is still the same, this is the getTokenSilently request

Thanks for confirming - Does the API which you are using as audience have the “allow offline access” option toggled?

I don’t see this option in my API

image1030×402 22 KB

Are you by chance using the management API as your audience (https://{your_domain}/api/v2)?

Yes, that’s the API I’m using.
Based on what you just shared, do I need to create another API to get a refresh token? I need to implement the offline access in my case.

Thanks for confirming!

Yes, you will need to register an API in Auth0. At that point you will be able to add the offline_access scope and use refresh tokens.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.