Custom social connect injects unwanted scopes

imponenm · May 9, 2024, 4:13pm

Hey all, I’m trying to configure a custom social connection for TikTok.

In theory it’s setup correctly, but Auth0’s Custom Social Extension seems to be injected unwanted scopes that don’t work with TikTok’s /authroize endpoint. I just want to be adding “user.info.basic,user.info.stats”, but the full scope param that Auth0 uses winds up being

“https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid,user.info.basic,user.info.stats”

This is super strange considering it’s using a mix of spaces and commas. Also, there’s nowhere in my configuration where I setup those basic google scopes. I only configured TikTok scopes.

Any advice on this? Is the custom social extension still a tool that I should even be using? I noticed the latest update on GitHub was from 3 years ago

Thanks

imponenm · May 9, 2024, 4:57pm

I figured out my own issue. Those scopes were coming from a connection_scope value I set in my handleAuth() function in my nextJS /login/callback route

I need to check if the social provider is google or my custom connection, and adjust the scope accordingly

system · May 23, 2024, 4:57pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pass additional scopes/permissions to a Social Connection Knowledge Articles	1	5685	January 13, 2021
Social connect to snapshot got 500 Invalid scope Help connections , other-built-in-social-connections	0	122	June 6, 2024
Custom social connection : ID token signature not checked Help	0	1136	October 7, 2022
Missing id_token in Custom Social Connection fetch user profile script Help custom-social-connec	0	3420	July 8, 2020
Custom social connection - Failed to obtain access token Help user-management , account-linking	1	28	October 10, 2024

Custom social connect injects unwanted scopes

Related Topics