Filtering scopes with permissions

admin26 · August 24, 2018, 6:31am

The following link shows an example for how to ensure that access tokens will only contain the scopes which are valid according to a user’s permissions:
https://auth0.com/docs/architecture-scenarios/spa-api/part-2#create-a-rule-to-validate-token-scopes

However, seems like code adds the permissions to the requested scopes and not filtering the requested scopes by the permissions.

Array.prototype.push.apply(filteredScopes, permissions);

What am I missing?

Yossi

konrad.sopala · August 19, 2019, 12:55pm

Hey there!

Sorry for such delay in response! We’re doing our best in providing the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for such inconvenience!

Do you still require further assistance from us?

Topic		Replies	Views
Filter scopes with an action when using grant_type password Help configuration , application	4	15	November 19, 2024
SPA + API tutorial removes default scopes Help jwt , auth0	5	4177	March 5, 2019
Trouble understanding scopes vs permissions Help api , scopes , access-token , api-authorization , scope	7	9322	January 4, 2021
Removing 'openid','profile' scopes from access token Help rules	3	4819	August 19, 2019
Custom scopes inside access token Help jwt , scopes , access-token	3	4431	September 26, 2019

Filtering scopes with permissions

Related Topics