Filtering scopes with permissions

admin26 · August 24, 2018, 6:31am

The following link shows an example for how to ensure that access tokens will only contain the scopes which are valid according to a user’s permissions:
https://auth0.com/docs/architecture-scenarios/spa-api/part-2#create-a-rule-to-validate-token-scopes

However, seems like code adds the permissions to the requested scopes and not filtering the requested scopes by the permissions.

Array.prototype.push.apply(filteredScopes, permissions);

What am I missing?

Yossi

konrad.sopala · August 19, 2019, 12:55pm

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?

Topic		Replies	Views
SPA + API tutorial removes default scopes Help jwt , auth0	5	4175	March 5, 2019
Trouble understanding scopes vs permissions Help api , scopes , access-token , api-authorization , scope	7	9317	January 4, 2021
Removing 'openid','profile' scopes from access token Help rules	3	4814	August 19, 2019
Custom scopes inside access token Help jwt , scopes , access-token	3	4431	September 26, 2019
Permissions: claim or scopes Help scopes , claims , permissions	11	17663	December 8, 2020

Filtering scopes with permissions

Related Topics