Custom social connect injects unwanted scopes

imponenm · May 9, 2024, 4:13pm

Hey all, I’m trying to configure a custom social connection for TikTok.

In theory it’s setup correctly, but Auth0’s Custom Social Extension seems to be injected unwanted scopes that don’t work with TikTok’s /authroize endpoint. I just want to be adding “user.info.basic,user.info.stats”, but the full scope param that Auth0 uses winds up being

“https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid,user.info.basic,user.info.stats”

This is super strange considering it’s using a mix of spaces and commas. Also, there’s nowhere in my configuration where I setup those basic google scopes. I only configured TikTok scopes.

Any advice on this? Is the custom social extension still a tool that I should even be using? I noticed the latest update on GitHub was from 3 years ago

Thanks

imponenm · May 9, 2024, 4:57pm

I figured out my own issue. Those scopes were coming from a connection_scope value I set in my handleAuth() function in my nextJS /login/callback route

I need to check if the social provider is google or my custom connection, and adjust the scope accordingly

system · May 23, 2024, 4:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.