I’m just experimenting with the platform and I was trying to setup an api+client and have some scopes associated with it.
Following the documentation I was able to very quickly set up an API and a client to test it with and I’ve authorized this client on my api. On this api I’ve requested a few scopes. When using my client_id + client secret to request a token+scope I get an error that my client hasn’t been given access to my scope.
I’m curious as to why that is, as I see no way to grant my client any further permissions on my API. Is it that a client credentials grant cannot request a granular scope? I’d be interested if there’d be any relevant documentation that could point me in the right direction.
Example:
curl --request POST --url https://ldubbz.auth0.com/oauth/token --header 'content-type: application/json' --data '{"client_id":"client_id","client_secret":"client_Secret","audience":"http://localhost:3000","grant_type":"client_credentials","scope":"meow"}'
{"error":"access_denied","error_description":"Client has not been granted scopes: meow"}
The scope meow definitely does exist on my API.
Have in mind that you need to authorize the client application and also select the scopes that it will be allowed to request. Technically, it’s possible for an application to be authorized for an API without actually selecting any scope; if you then perform a client credentials grant request asking for a scope the request would fail with that error.
1 Like
It seems my reply got ate by the system and I don’t see it anymore, but I did find documentation about granting client scopes via the API, but I do not see this option available in the dashboard. Could you direct me to where I could view/configure client scope permission in the dashboard? Or is this API only?
Thanks,
Liam
It seems my reply got ate by the system and I don’t see it anymore, but I did find documentation about granting client scopes via the API, but I do not see this option available in the dashboard. Could you direct me to where I could view/configure client scope permission in the dashboard? Or is this API only?
Thanks,
Liam
At https://manage.auth0.com/#/apis/[value_that_depends_on_your_api]/authorized-clients you can authorize the client and also select the scopes. It’s more than one step as you authorize the client, select the scopes and update the authorization grant with the selected scopes.
1 Like
well that’s incredibly embarassing, the UI artifact was hidden by an arrow on that page. I guess I was working with my screen dimmed by flux so I couldn’t see it. Problem resolved!
2 Likes