Custom social connect injects unwanted scopes

imponenm · May 9, 2024, 4:13pm

Hey all, I’m trying to configure a custom social connection for TikTok.

In theory it’s setup correctly, but Auth0’s Custom Social Extension seems to be injected unwanted scopes that don’t work with TikTok’s /authroize endpoint. I just want to be adding “user.info.basic,user.info.stats”, but the full scope param that Auth0 uses winds up being

“https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid,user.info.basic,user.info.stats”

This is super strange considering it’s using a mix of spaces and commas. Also, there’s nowhere in my configuration where I setup those basic google scopes. I only configured TikTok scopes.

Any advice on this? Is the custom social extension still a tool that I should even be using? I noticed the latest update on GitHub was from 3 years ago

Thanks

imponenm · May 9, 2024, 4:57pm

I figured out my own issue. Those scopes were coming from a connection_scope value I set in my handleAuth() function in my nextJS /login/callback route

I need to check if the social provider is google or my custom connection, and adjust the scope accordingly

system · May 23, 2024, 4:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
TikTok Custom Social Connection Help custom-login , custom-social-connec	2	2960	February 1, 2023
Auth0 Custom Social Connection To Google OAuth2 - Invalid Scope Help connections , google-social-connection	1	1434	December 20, 2023
Scopes for a custom social connection Help auth0 , social-connections , scopes , social , custom-social-connec	0	2151	June 1, 2022
TikTok Social Login Help social-connections	3	2715	February 1, 2023
Allow adding custom query params to custom social connection /token calls Feedback custom-social-connec , oauth2	3	1730	February 1, 2023

Custom social connect injects unwanted scopes

Related Topics