Custom social connect injects unwanted scopes

imponenm · May 9, 2024, 4:13pm

Hey all, I’m trying to configure a custom social connection for TikTok.

In theory it’s setup correctly, but Auth0’s Custom Social Extension seems to be injected unwanted scopes that don’t work with TikTok’s /authroize endpoint. I just want to be adding “user.info.basic,user.info.stats”, but the full scope param that Auth0 uses winds up being

“https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid,user.info.basic,user.info.stats”

This is super strange considering it’s using a mix of spaces and commas. Also, there’s nowhere in my configuration where I setup those basic google scopes. I only configured TikTok scopes.

Any advice on this? Is the custom social extension still a tool that I should even be using? I noticed the latest update on GitHub was from 3 years ago

Thanks

imponenm · May 9, 2024, 4:57pm

I figured out my own issue. Those scopes were coming from a connection_scope value I set in my handleAuth() function in my nextJS /login/callback route

I need to check if the social provider is google or my custom connection, and adjust the scope accordingly

Topic		Replies	Views
Add additonal scopes to Social Connection in outh0 Get Help auth0	3	2505	June 25, 2021
Scopes for a custom social connection Get Help auth0 , social-connections , scopes , social , custom-social-connec	0	2193	June 1, 2022
Auth0 Custom Social Connection To Google OAuth2 - Invalid Scope Get Help connections , google-social-connection	1	1829	December 20, 2023
Two social (GitHub) connections for different scopes Get Help social-connections , scopes , github , custom-social-connec	3	3951	July 7, 2021
Adding API scopes to google-oauth2 token Get Help jwt , auth0 , social-connections , scopes , login	2	6553	July 25, 2019

Custom social connect injects unwanted scopes

Related topics