Filtering scopes with permissions

The following link shows an example for how to ensure that access tokens will only contain the scopes which are valid according to a user’s permissions:
https://auth0.com/docs/architecture-scenarios/spa-api/part-2#create-a-rule-to-validate-token-scopes

However, seems like code adds the permissions to the requested scopes and not filtering the requested scopes by the permissions.

Array.prototype.push.apply(filteredScopes, permissions);

What am I missing?

Yossi

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?