Auth0 Home Blog Docs

Filtering scopes with permissions



The following link shows an example for how to ensure that access tokens will only contain the scopes which are valid according to a user’s permissions:

However, seems like code adds the permissions to the requested scopes and not filtering the requested scopes by the permissions.

Array.prototype.push.apply(filteredScopes, permissions);

What am I missing?