Cannot use the Auth0 Management API to update prompts

Hello, I am trying to update prompts in the new universal login. The permissions include update:prompts but when I copy the token (or generate a token) I get a 403 when calling the endpoint.

url
https://<my-auth-domain>/api/v2/prompts/login/custom-text/en

request object

{
    "login": {
        "footerLinkText": "",
        "footerText": ""
    }
}

response

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "Insufficient scope, expected any of: update:prompts",
    "errorCode": "insufficient_scope"
}

When I put the token into jwt.io it does not include this scope. Not sure how to get the copied/generated token to include this scope.

Hey @bstaley0,

You can always get the management API access tokens for testing using the steps below:

They include all the scopes.

Let me know if that helps!

Regards,
Sid


Hey Sidharth,

I'm sorry, maybe my post was confusing. I already have the token. I've both generated it via API call and copied it, with the same result. Maybe I could clarify a little further. Here are my steps:

  1. Copy the Auth0 Management API token, which seems to have all the permissions. In particular, I need this one
  2. Open Postman and try a PUT with the below and the token from step 1
https://<my-auth-domain>/api/v2/prompts/login/custom-text/en
{
    "login": {
        "footerLinkText": "",
        "footerText": ""
    }
}
  3. Get a result of
{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "Insufficient scope, expected any of: update:prompts",
    "errorCode": "insufficient_scope"
}

I am wondering why I get a 403. If I put the copied token into jwt.io I get the following scopes:

"read:client_grants create:client_grants delete:client_grants update:client_grants read:users update:users delete:users create:users read:users_app_metadata update:users_app_metadata delete:users_app_metadata create:users_app_metadata create:user_tickets read:clients update:clients delete:clients create:clients read:client_keys update:client_keys delete:client_keys create:client_keys read:connections update:connections delete:connections create:connections read:resource_servers update:resource_servers delete:resource_servers create:resource_servers read:device_credentials update:device_credentials delete:device_credentials create:device_credentials read:rules update:rules delete:rules create:rules read:rules_configs update:rules_configs delete:rules_configs read:email_provider update:email_provider delete:email_provider create:email_provider blacklist:tokens read:stats read:tenant_settings update:tenant_settings read:logs read:shields create:shields delete:shields read:anomaly_blocks delete:anomaly_blocks update:triggers read:triggers read:grants delete:grants read:guardian_factors update:guardian_factors read:guardian_enrollments delete:guardian_enrollments create:guardian_enrollment_tickets read:user_idp_tokens create:passwords_checking_job delete:passwords_checking_job read:custom_domains delete:custom_domains create:custom_domains read:email_templates create:email_templates update:email_templates read:mfa_policies update:mfa_policies read:roles create:roles delete:roles update:roles"

As you can see, it is missing scopes. There are no prompts scopes. Why? Hope this gives some clarification.

Thanks,

Brandon

Hey Brandon,

It might be because your API Explorer Application in the tenant is not Authorized with these scopes which you need.

Can you please go to your tenant → Applications → API Explorer Application → APIs tab → There you will find Auth0 Management API as one of the APIs listed which is Authorized. If you click on the “>” arrow next to the Authorized toggle for the API you will see all the scopes, you can select all and save. After that, you can go through the same steps as I suggested before to see if you now have all the scopes.

Screenshot for reference:

Regards,
Sid
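
The scope check done by hand with jwt.io in this thread, as an added example (not part of the original posts and not Auth0 code): it decodes the token payload locally and lists which required scopes are absent from the space-delimited `scope` claim. It does not verify the signature, so it is a diagnostic only; the sample token and the `make_sample_token` helper are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_scopes(token):
    """Return the set of scopes in a compact JWT's payload (signature NOT verified)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments (header.payload.signature)")
    claims = json.loads(b64url_decode(parts[1]))
    scope = claims.get("scope", "")
    # The thread shows 'scope' as one space-delimited string; tolerate a list too.
    return set(scope.split()) if isinstance(scope, str) else set(scope)


def missing_scopes(token, required):
    """Scopes the endpoint requires that the token was not granted."""
    return sorted(set(required) - token_scopes(token))


def make_sample_token(scope):
    # Hypothetical helper: builds a constructed token with a dummy signature
    # so the example runs offline. Audience value is a placeholder.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"aud": "https://tenant.example.invalid/api/v2/", "scope": scope}
    return ".".join([enc(header), enc(payload), "constructed-signature"])


if __name__ == "__main__":
    # Constructed token resembling the one in the thread: no prompts scopes.
    token = make_sample_token("read:users update:users read:clients update:clients")
    gaps = missing_scopes(token, ["update:prompts"])
    if gaps:
        print("Token would get 403 insufficient_scope; missing:", ", ".join(gaps))
    else:
        print("Token carries every required scope")
```
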
