Auth0 scope not returning all requested values

Help
, ,
#1

Hi,
I’m currently trying to create a simple app in unity that gets a users details and the organizations they’ve been assigned to,
I’ve got the request setup to use the scope “openid profile read:organizations” however, my request only returns “openid profile”.
other combinations like “openid profile organizations:read” return the same.

What would I need to change to allow me to get access to organizations in this way?
thanks for your help.

#3

Hi @fbeake ,

Welcome to the Auth0 Community!

I tested with the read:organizations scope and it works fine for me.

Here is my request:

https://{my domain}/authorize?response_type=code&client_id={my client id}&redirect_uri=http://localhost:3000&scope=openid%20profile%20email%20read%3Aorganizations&state=STATEabc1235

image
image1920×1119 118 KB

Hope it helps!

#4

Hi, @lihua.zhang Thanks for the quick response,
I’ve given this a try and I’m now returning the scopes openid profile email, but still doesn’t have read organizations .
is there any additional app configuration I may need to do in order to get the correct response?
thanks again,

#5

Could you please repeat this issue and DM me the HAR file?

#6

Hello!

I’m having the exact same issue: I’m using Authorization Code flow to retrieve an Authentication token from an Application that’s linked to the Management API, and I can’t get the scopes either:

These are the permissions allowed in the machine-to-machine app:

image
image2040×1442 232 KB

Here I have the Authorization Code flow setup in a Postman Collection

image
image1082×1154 80.7 KB

The scope I want to retrieve is the read:organization_members one and its stored in the {{SCOPE}} variable and passed to the /authorize endpoint like you show in the picture:

image
image3508×130 74 KB

(I’ll write another message below because I can’t embed more than 3 pictures)

#7

(Continuing the message above)

I can generate the token properly, but it doesn’t return the scopes:

image
image1556×866 29.1 KB

What’s funny is that using the Client Credentials flow, I can get the scope properly:

Here’s the Postman setup with Client Credentials flow:

image
image1106×790 57.8 KB

And this is the token that it generates, with the expected scope included:

image
image1552×878 32.4 KB

Am I missing something when I try to use Authentication Code flow with the Management API, or is this a restriction of the Management API (this document explains how to get the auth token for the Management API with the Client Credentials flow only?

Thanks in advance,

Santiago