
Authorize endpoint not returning requested scopes

#1

I’m trying to create an access token that is authorized for scope read:users in an Auth0 Management API, but the authorize endpoint isn’t returning it. The only one I can get it to return is openid, so it seems to be ignoring the rest. And I’ve verified that the access token indeed does not have that scope, because requests to endpoints that require it fail with an error about invalid scope.

Am I doing something wrong, or is this a bug? In any case, the `authorize

E.g., the request:

https://<tenant>/authorize
  ?response_type=code
  &client_id=X
  &connection=Username-Password-Authentication
  &redirect_uri=X
  &audience=X
  &scope=openid%20read%3Ausers

Returns:

{ "access_token":"X"
, "scope":"openid"
, "expires_in":2592000
, "token_type":"Bearer"
}

#2

*In any case, the authorize endpoint should return an error message about not being able to provide a requested scope, instead of failing silently as it is doing here.
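
A client-side check for the situation described in this thread, as an added example that is not part of either post and is not Auth0's own code: it compares the scopes in the authorization request with the `scope` field of the token response, so a dropped scope is caught at login rather than at the first API call. The function names, the `tenant.example` and `app.example` hosts and the sample response are constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample mirroring the response shown in the first post.
SAMPLE_RESPONSE = (
    '{"access_token":"X","scope":"openid",'
    '"expires_in":2592000,"token_type":"Bearer"}'
)


def build_authorize_url(base, client_id, redirect_uri, audience, scopes):
    """Build the authorization request with a space-delimited scope list."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "audience": audience,
        "scope": " ".join(scopes),
    })
    return f"{base}/authorize?{query}"


def requested_scopes(authorize_url):
    """Recover the scope set from an authorization request URL."""
    params = parse_qs(urlsplit(authorize_url).query)
    return set(params.get("scope", [""])[0].split())


def missing_scopes(authorize_url, token_response_body):
    """Return the requested scopes that the server did not grant.

    RFC 6749 section 5.1 lets the server omit "scope" only when the
    granted scope is identical to the requested one, so an absent
    field means nothing was dropped.
    """
    wanted = requested_scopes(authorize_url)
    response = json.loads(token_response_body)
    if "scope" not in response:
        return set()
    return wanted - set(response["scope"].split())


def require_scopes(authorize_url, token_response_body):
    """Raise as soon as a requested scope is missing from the grant."""
    missing = missing_scopes(authorize_url, token_response_body)
    if missing:
        raise PermissionError("scopes not granted: " + " ".join(sorted(missing)))
```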