Authorize endpoint not returning requested scopes

JBetz · July 26, 2018, 5:00pm

I’m trying to create an access token that is authorized for scope read:users in an Auth0 Management API, but the authorize endpoint isn’t returning it. The only one I can get it to return is openid, so it seems to be ignoring the rest. And I’ve verified that the access token indeed does not have that scope, because requests to endpoints that require it fail with an error about invalid scope.

Am I doing something wrong, or is this a bug? In any case, the `authorize

E.g., the request:

https://<tenant>/authorize
  ?response_type=code
  &client_id=X
  &connection=Username-Password-Authentication
  &redirect_uri=X
  &audience=X
  &scope=openid%20read%3Ausers

Returns:

{ "access_token":X"
, "scope":"openid"
, "expires_in":2592000
, "token_type":"Bearer"
}

JBetz · July 26, 2018, 5:01pm

*In any case, the authorize endpoint should return an error message about not being able to provide a requested scope, instead of failing silently as it is doing here.

konrad.sopala · August 19, 2019, 11:49am

Hey there!

Sorry for the delay in response. We do our best in providing answers and info as soon as possible but sometimes there are too many questions to cover. Sorry for the inconvenience!

Relaying your feedback to appropriate team right away! Once more sorry and thank you!

Topic		Replies	Views
Trobles with getting APIs scopes Get Help scopes , authorization	3	4360	March 2, 2018
Auth0 should return proper status code and alert message if user doesn't have access to given scope(s) Get Help	0	1561	June 9, 2022
Insufficient scope error when calling authorization extension API Get Help api-authorization	7	13307	March 2, 2018
User is not authorized to the audience for those scopes Get Help authentication	2	4658	July 25, 2019
Access Token scope issue Get Help audience , access-token , scope	5	5647	August 27, 2019

Authorize endpoint not returning requested scopes

Related topics