Custom social connect injects unwanted scopes

Hey all, I’m trying to configure a custom social connection for TikTok.

In theory it’s set up correctly, but Auth0’s Custom Social Extension seems to be injecting unwanted scopes that don’t work with TikTok’s /authorize endpoint. I just want to be adding “user.info.basic,user.info.stats”, but the full scope param that Auth0 uses winds up being

“https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid,user.info.basic,user.info.stats”

This is super strange considering it’s using a mix of spaces and commas. Also, there’s nowhere in my configuration where I set up those basic Google scopes. I only configured TikTok scopes.

Any advice on this? Is the custom social extension still a tool that I should even be using? I noticed the latest update on GitHub was from 3 years ago.

Thanks

I figured out my own issue. Those scopes were coming from a connection_scope value I set in my handleAuth() function in my Next.js /login/callback route.

I need to check if the social provider is Google or my custom connection, and adjust the scope accordingly.
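The per-provider check described in the reply above could look like the following. This is an added example, not code from the thread or from Auth0: the connection name `tiktok`, the helper names and the delimiter chosen for each provider are assumptions, and the scope values are the ones quoted in the posts.

```javascript
// Added example. Connection names and delimiters are assumptions, not Auth0 defaults.
const CONNECTION_SCOPES = {
  // Auth0's built-in Google connection; scope values as they appear in the post.
  "google-oauth2": {
    scopes: [
      "https://www.googleapis.com/auth/userinfo.email",
      "https://www.googleapis.com/auth/userinfo.profile",
    ],
    delimiter: " ",
  },
  // Hypothetical name for the custom TikTok connection.
  tiktok: {
    scopes: ["user.info.basic", "user.info.stats"],
    delimiter: ",",
  },
};

// Look up a connection, rejecting names that are not explicitly listed
// (including inherited keys such as "constructor").
function entryFor(connection) {
  if (!Object.prototype.hasOwnProperty.call(CONNECTION_SCOPES, connection)) {
    throw new Error(`unknown connection: ${connection}`);
  }
  return CONNECTION_SCOPES[connection];
}

// Build the connection-specific parameters instead of one shared connection_scope.
function authorizationParamsFor(connection) {
  const { scopes, delimiter } = entryFor(connection);
  return { connection, connection_scope: scopes.join(delimiter) };
}

// Return the scopes in an outgoing scope string that do not belong to the
// given connection, splitting on both spaces and commas.
function foreignScopes(connection, scopeString) {
  const allowed = new Set(entryFor(connection).scopes);
  return scopeString.split(/[\s,]+/).filter((s) => s && !allowed.has(s));
}

// The scope string quoted in the first post.
const POSTED_SCOPE =
  "https://www.googleapis.com/auth/userinfo.email " +
  "https://www.googleapis.com/auth/userinfo.profile " +
  "openid,user.info.basic,user.info.stats";
```

Running `foreignScopes("tiktok", POSTED_SCOPE)` flags the two Google scope URLs and `openid`, which is the mix the first post describes.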
