Does 'scope:' do anything when using Client Credentials?

nicolas_sabena · December 23, 2018, 5:02pm

The scope parameter is ignored on the client credentials grant (see Client credentials request ignores scope parameter? for a discussion on this).

As for the audience, the ManagementClient defaults to the regular API v2 audience (https://{your_auth0_domain}/api/v2/) based on the domain configured:

github.com

auth0/node-auth0/blob/ededae32b7b4e8999aa9734aae7c8da3af442722/src/management/index.js#L111


      
          var managerOptions = {
            headers: {
              'User-agent': 'node.js/' + process.version.replace('v', ''),
              'Content-Type': 'application/json'
            },
            baseUrl: baseUrl
          };
          
          
if (options.token === undefined) {
            var config = assign(
              { audience: util.format(MANAGEMENT_API_AUD_FORMAT, options.domain) },
              options
            );
          
          
  if (options.tokenProvider) {
              config.enableCache = options.tokenProvider.enableCache;
              config.cacheTTLInSeconds = options.tokenProvider.cacheTTLInSeconds;
              delete config.tokenProvider;
            }
          
          
  this.tokenProvider = new ManagementTokenProvider(config);

Topic		Replies	Views
Client credentials request ignores scope parameter? Help scope , client-credentials	5	7474	January 31, 2019
Access Token scope issue Help audience , access-token , scope	5	5609	August 27, 2019
Configure permission on client Help	4	1755	November 5, 2021
Create Client Grant for client with non-existing Scope Help management-api , client-grants	0	1243	May 2, 2023
Management API - retrieve users by audience Help management-api , users , audience , manage-users	4	6252	March 2, 2018

Does 'scope:' do anything when using Client Credentials?

Related topics