Auth0 Home Blog Docs

Device Code and custom scopes for Access Tokens

I’m trying to add custom scopes to an Access Token when performing Device Flow authentication. Whenever the Access Token is returned, they only scope available is “offline access”

The request is as follows:
curl -H ‘Content-Type:application/x-www-form-urlencoded’ -H ‘Accept-Encoding:gzip’ -X POST ‘https://bcd.auth0.com/oauth/device/code’ --data-binary ‘audience=https%3A%2F%2Fpltcloud.com&client_id=j_C0QQvnet1ZcK7W_BuENymAu_stdlqv&scope=upload%3Alogs+offline_access’

The response is as follows:

{
"device_code": "ueu9DRm9SJs4kfFSQyUMpG-A",
"expires_in": 900,
"interval": 5,
"user_code": "WHWH-CXVV",
"verification_uri": "https://bcd.auth0.com/activate",
"verification_uri_complete": "https://bcd.auth0.com/activate?user_code=WHWH-CXVV"

}

After completing the verification flow, I make the following request:
curl ’ -H ‘Content-Type:application/x-www-form-urlencoded’ -H ‘Accept-Encoding:gzip’ -X POST ‘https://bcd.auth0.com/oauth/token’ --data-binary ‘client_id=j_C0QQvnet1ZcK7W_BuENymAu_stdlqv&device_code=ueu9DRm9SJs4kfFSQyUMpG-A&grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Adevice_code’

The Access Token that comes back has only “offline_access” scope.

{

“iss”: “https://bcd.auth0.com/”,
“sub”: “github|792171”,
“aud”: “https://pltcloud.com”,
“iat”: 1568411059,
“exp”: 1568497459,
“azp”: “j_C0QQvnet1ZcK7W_BuENymAu_stdlqv”,
“scope”: “offline_access”,
“permissions”: []
}

Is it possible to add a custom scope for device flow? The Application is set as OIDC compliant and the “upload:logs” scope is set on the “https://pltcloud.com” API.

Hi @ericr,

According to this doc you should have no problem requesting custom scopes.

Have you registered the API and added the scopes? How about enabling the scopes for the client (device flow app).

Let me know,
Dan

Hi @dan.woda ,

I was able to resolve by removing “Role Based Access Control” from the API endpoint.

Regards,

Eric

1 Like

Thanks for reaching out with the confirmation.

Best,
Dan