Filtering scopes with permissions

The following link shows an example of how to ensure that access tokens will only contain the scopes which are valid according to a user’s permissions:
https://auth0.com/docs/architecture-scenarios/spa-api/part-2#create-a-rule-to-validate-token-scopes

However, it seems like the code adds the permissions to the requested scopes rather than filtering the requested scopes by the permissions.

Array.prototype.push.apply(filteredScopes, permissions);

What am I missing?

Yossi
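
The distinction raised in the post above, as an added example that is not part of the original post or of Auth0's documentation: appending permissions to the requested scopes versus keeping only the requested scopes the user actually holds. The function names, the sample scopes and the choice to pass standard OIDC scopes through unfiltered are assumptions.

```javascript
// Assumption: standard OIDC scopes are not permission-gated and pass through.
const OIDC_SCOPES = new Set(['openid', 'profile', 'email']);

// Split a space-delimited OAuth 2.0 scope string into unique, non-empty values.
function parseScopes(scopeString) {
  return [...new Set(String(scopeString || '').split(/\s+/).filter(Boolean))];
}

// Appending, as the line quoted in the post does: every permission lands in
// the result, and requested scopes the user does not hold are left in place.
function appendPermissions(requested, permissions) {
  const scopes = parseScopes(requested);
  Array.prototype.push.apply(scopes, permissions || []);
  return [...new Set(scopes)].join(' ');
}

// Filtering: a requested scope survives only if it is an OIDC scope or is
// present in the user's permissions. Nothing unrequested is added.
function filterByPermissions(requested, permissions) {
  const allowed = new Set(permissions || []);
  return parseScopes(requested)
    .filter((scope) => OIDC_SCOPES.has(scope) || allowed.has(scope))
    .join(' ');
}

// Constructed sample input, not taken from a real tenant.
const requested = 'openid read:timesheets delete:timesheets';
const permissions = ['read:timesheets', 'create:timesheets'];

console.log('append:', appendPermissions(requested, permissions));
console.log('filter:', filterByPermissions(requested, permissions));
```

With the sample input, the appended result still carries `delete:timesheets`, which the user does not hold, and gains `create:timesheets`, which was never requested; the filtered result carries neither.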