Hi all,
I have a hard time understanding how API/scopes work, and I was hoping to get some help from you.
Actually, I have a running SPA application and a corresponding “machine to machine” API application linked (not even sure if the term is correct) to the auto-generated “Auth0 Management API”:
For testing purposes, I granted all the rights to that API, including the two rights I am interested in:
In my React app, I get a token from that API specifying the scope I want:
const accessToken = await getAccessTokenWithPopup({
  audience: `https://${process.env.REACT_APP_AUTH0_DOMAIN}/api/v2/`,
  scope: 'update:prompts'
});
And when I parse the token retrieved, I am clearly missing the wanted scope:
I thus cannot update the login interface labels with that token (my final goal).
On the other hand, the token generated by the Auth0 website for the API Explorer Application contains the wanted scope and I can update the said labels with it, so I am clearly doing something bad when retrieving a token programmatically… but what?
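A way to compare the requested scope with what the returned token actually carries, as an added example that is not part of the original post. It decodes the payload without verifying the signature (debugging only). The tenant domain, sample token and function names are constructed for illustration, and the `permissions` claim is read on the assumption that the API is configured to add permissions to the access token.

```javascript
// Decode the payload segment of a JWT access token. No signature check:
// this is for inspecting claims while debugging, never for authorization.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof Buffer !== 'undefined'
    ? Buffer.from(padded, 'base64').toString('utf8') // Node
    : atob(padded);                                  // browser (ASCII claims only)
  return JSON.parse(json);
}

// Scopes arrive as a space-delimited `scope` string; a `permissions`
// array is also merged in when present (assumption, see lead-in).
function grantedScopes(payload) {
  const fromScope = typeof payload.scope === 'string'
    ? payload.scope.split(/\s+/).filter(Boolean) : [];
  const fromPerms = Array.isArray(payload.permissions) ? payload.permissions : [];
  return new Set([...fromScope, ...fromPerms]);
}

// Report whether the audience matches and which requested scopes are absent.
function checkToken(token, expectedAudience, requestedScope) {
  const payload = decodeJwtPayload(token);
  const aud = [].concat(payload.aud || []); // `aud` may be a string or an array
  const granted = grantedScopes(payload);
  const requested = requestedScope.split(/\s+/).filter(Boolean);
  return {
    audienceOk: aud.includes(expectedAudience),
    granted: [...granted].sort(),
    missing: requested.filter((s) => !granted.has(s)),
  };
}

// Constructed sample token (Node-only helper); the signature is a placeholder.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_AUDIENCE = 'https://tenant.example/api/v2/';
const SAMPLE_TOKEN = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ aud: [SAMPLE_AUDIENCE, 'https://tenant.example/userinfo'],
           scope: 'openid profile email' }),
  'constructed-signature',
].join('.');

console.log(checkToken(SAMPLE_TOKEN, SAMPLE_AUDIENCE, 'update:prompts'));
```

In the React app, pass the value returned by `getAccessTokenWithPopup` and the same `audience` and `scope` strings used in the request.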