Auth0 scope not returning all requested values

Hi,
I’m currently trying to create a simple app in Unity that gets a user’s details and the organizations they’ve been assigned to.
I’ve got the request set up to use the scope “openid profile read:organizations”; however, my request only returns “openid profile”.
Other combinations like “openid profile organizations:read” return the same.

What would I need to change to allow me to get access to organizations in this way?
Thanks for your help.

Hi @fbeake,

Welcome to the Auth0 Community!

I tested with the read:organizations scope and it works fine for me.

Here is my request:

https://{my domain}/authorize?response_type=code&client_id={my client id}&redirect_uri=http://localhost:3000&scope=openid%20profile%20email%20read%3Aorganizations&state=STATEabc1235

Hope it helps!

Hi @lihua.zhang, thanks for the quick response.
I’ve given this a try and I’m now returning the scopes openid profile email, but it still doesn’t have read organizations.
Is there any additional app configuration I may need to do in order to get the correct response?
Thanks again,

Could you please repeat this issue and DM me the HAR file?

Hello!

I’m having the exact same issue: I’m using Authorization Code flow to retrieve an Authentication token from an Application that’s linked to the Management API, and I can’t get the scopes either:

These are the permissions allowed in the machine-to-machine app:

Here I have the Authorization Code flow setup in a Postman Collection

The scope I want to retrieve is the read:organization_members one, and it’s stored in the {{SCOPE}} variable and passed to the /authorize endpoint like you show in the picture:

(I’ll write another message below because I can’t embed more than 3 pictures)

(Continuing the message above)

I can generate the token properly, but it doesn’t return the scopes:

What’s funny is that using the Client Credentials flow, I can get the scope properly:

Here’s the Postman setup with Client Credentials flow:

And this is the token that it generates, with the expected scope included:

Am I missing something when I try to use Authentication Code flow with the Management API, or is this a restriction of the Management API (this document explains how to get the auth token for the Management API with the Client Credentials flow only)?

Thanks in advance,

Santiago


Having the same exact issue, am going a bit crazy over this. @santiago.ldg, @lihua.zhang, @fbeake, any thoughts/updates?

My situation is the exact same as Santiago’s - getting openid profile email but not the rest of the scopes. When I do M2M it works fine.

Doing some digging in my network calls, it seems the React library is not adding the audience to /token requests. Not sure what the workaround is here.

I have found that setting the responseType to both “token id_token” causes Auth0 to not return scopes in the auth token. But if I change response type to “token”, then the scopes are included in the auth token. This is pretty frustrating.
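
A small diagnostic for the symptom discussed in this thread, added here as an example and not code from any poster or from Auth0: it compares the scopes sent to /authorize with those in the token response and reports which were dropped, alongside the response_type and audience values the posts mention. The tenant host, client id, token contents and function names are constructed for illustration.

```javascript
// Added example; tenant host, client id and token contents are constructed.

// Decode a JWT payload for inspection only (the signature is NOT verified).
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null; // opaque token, nothing to decode
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
    return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Compare the scopes sent to /authorize with what the token response grants.
function checkGrantedScopes(authorizeUrl, tokenResponse) {
  const params = new URL(authorizeUrl).searchParams;
  const split = (s) => String(s || '').split(/\s+/).filter(Boolean);
  const payload = decodeJwtPayload(tokenResponse.access_token);
  const granted = new Set(split(tokenResponse.scope || (payload && payload.scope)));
  return {
    missing: split(params.get('scope')).filter((s) => !granted.has(s)),
    responseType: params.get('response_type'),
    audienceRequested: params.get('audience'), // null when not sent
    tokenAudiences: payload ? [].concat(payload.aud || []) : [],
  };
}

// Constructed sample: an unsigned, JWT-shaped token for the demonstration.
function sampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}

const SAMPLE_URL = 'https://tenant.example/authorize?response_type=code' +
  '&client_id=CLIENT_ID&redirect_uri=http://localhost:3000' +
  '&scope=openid%20profile%20email%20read%3Aorganizations&state=STATEabc1235';

const SAMPLE_TOKEN_RESPONSE = {
  access_token: sampleJwt({
    aud: ['https://tenant.example/userinfo'],
    scope: 'openid profile email',
  }),
  scope: 'openid profile email',
  token_type: 'Bearer',
};

console.log(checkGrantedScopes(SAMPLE_URL, SAMPLE_TOKEN_RESPONSE));
```

Running it on a failing request and on a working one shows which of the scope, audience or response_type values differ between them.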