Authorize endpoint not returning requested scopes

JBetz · July 26, 2018, 5:00pm

I’m trying to create an access token that is authorized for scope read:users in an Auth0 Management API, but the authorize endpoint isn’t returning it. The only one I can get it to return is openid, so it seems to be ignoring the rest. And I’ve verified that the access token indeed does not have that scope, because requests to endpoints that require it fail with an error about invalid scope.

Am I doing something wrong, or is this a bug? In any case, the `authorize

E.g., the request:

https://<tenant>/authorize
  ?response_type=code
  &client_id=X
  &connection=Username-Password-Authentication
  &redirect_uri=X
  &audience=X
  &scope=openid%20read%3Ausers

Returns:

{ "access_token":X"
, "scope":"openid"
, "expires_in":2592000
, "token_type":"Bearer"
}

JBetz · July 26, 2018, 5:01pm

*In any case, the authorize endpoint should return an error message about not being able to provide a requested scope, instead of failing silently as it is doing here.

konrad.sopala · August 19, 2019, 11:49am

Hey there!

Sorry for the delay in response. We do our best in providing answers and info as soon as possible but sometimes there are too many questions to cover. Sorry for the inconvenience!

Relaying your feedback to appropriate team right away! Once more sorry and thank you!

Topic		Replies	Views
Auth0 should return proper status code and alert message if user doesn't have access to given scope(s) Help	0	1550	June 9, 2022
No receiving IDToken Help	3	2378	July 8, 2020
Auth0 JWT doesn't have requested API Scopes Help jwt , scopes	10	4415	September 4, 2021
OAUTH Token request/response not sending scopes Help jwt , api , scopes , scope , postman	1	4361	December 30, 2019
IDToken not returned when additional scopes are defined Help	5	9023	September 3, 2019

Authorize endpoint not returning requested scopes

Related topics