GET /api/v2/connections/{id} not returning options object for Facebook social connection

Get Help
,
1

Ready to post? :magnifying_glass_tilted_right: First try sear

Subject: GET /api/v2/connections/{id} not returning options object for Facebook social connection

Environment
Tenant dev-f5l7vb5vs5q2vfh1.us.auth0.com

Region US

Plan Development

Connection ID con_nUJeUmyp39QKKtEl

Strategy facebook

Issue
The GET /api/v2/connections/{id} endpoint returns an empty options.scope for a Facebook social connection, despite permissions being visibly configured in the Auth0 Dashboard (Age Range, Events, Gender checked).

Endpoint Called
GET https://dev-f5l7vb5vs5q2vfh1.us.auth0.com/api/v2/connections/con_nUJeUmyp39QKKtEl
Also tried:
GET /api/v2/connections/:id?fields=id,name,strategy,options&include_fields=true

Token Scopes (confirmed present)
read:connections
update:connections
read:connections_options
read:connection_profiles
read:connections_keys
Grant type: client_credentials (M2M)
Audience: https://dev-f5l7vb5vs5q2vfh1.us.auth0.com/api/v2/

Actual Response
json{
“id”: “con_nUJeUmyp39QKKtEl”,
“options”: {
“scope”: “”
},
“strategy”: “facebook”,
“name”: “facebook”,
“is_domain_connection”: false,
“authentication”: { “active”: true },
“connected_accounts”: { “active”: false },
“enabled_clients”: [
“FKcJaCDTDCgkL9yukmvDxcqoxkFTSffz”,
“3eQ75QMDvaLRSpukXFDss8qMvPu6xlmJ”
],
“realms”: [“facebook”]
}

Expected Response
options should contain the Facebook permissions configured in the dashboard:
json{
“options”: {
“scope”: “public_profile,user_age_range,user_events,user_gender”,
“public_profile”: true,
“user_age_range”: true,
“user_events”: true,
“user_gender”: true
}
}

Dashboard Configuration (confirmed saved)
PermissionScope KeyStatusPublic Profilepublic_profile​:white_check_mark: EnabledAge Rangeuser_age_range​:white_check_mark: EnabledEventsuser_events​:white_check_mark: EnabledGenderuser_gender​:white_check_mark: Enabled

Questions for Auth0 Support

Is the options object intentionally excluded from the API response for Facebook social connections?
Is there a specific endpoint or parameter required to retrieve Facebook permission scopes via the Management API?
Does the read:connections_options scope unlock any additional endpoint or response fields not documented publicly?
Is this a known bug or a documentation gap?

ching for your answer.

3

Hi @chitvan.mishra,

Welcome to the Auth0 Community!

Please allow me some more time to investigate this further and I will come back with a response as soon as possible!

Best regards,
Remus

4

Hi @chitvan.mishra,

Welcome again to the Auth0 Community and thank you for your patience.

After internal testing and a review of Auth0’s current status I want to confirm that I personally tested the GET /v2/connections/{id} endpoint with a Facebook connection on my end. Using an access token that included the read:connections_options scope, I was able to consistently retrieve the complete options object, including all configured permissions, just as expected. This confirms the API is functioning correctly when the proper permissions are present in the token.

The behavior you are experiencing is related to a deprecation notice - Migrate to Management API Connection Options Scopes.

Auth0 is migrating all tenants to a model where the GET /v2/connections and the GET /v2/connections/{id} do not include the options object anymore, unless specifically requested. This document explains that new scopes (read:connections_options and update:connections_options ) are now required to access the options field.

In my opinion, the issue you’re facing stems from one of two possibilities related to this migration: the tenant-level migration setting or the access token itself.

Your tenant may still have the legacy compatibility mode active. While this mode is intended to provide backward compatibility, it might create inconsistent behavior, especially for social connections like Facebook.

So I strongly recommend finalizing the migration to Auth0’s modern security standard.

  1. Go to Auth0 Dashboard > Tenant Settings > Advanced .
  2. Scroll to the Migrations section.
  3. If you see the Allow Connections Management without Options Scopes toggle, try turning it off.

This will make the API behavior predictable.
Ultimately, even with the correct tenant settings, the API call will only succeed if the access token contains the right permission. From what you have already mentioned, you have this scopes enabled already, but that has to be a sure thing.

You can try verifying the token’s content:

  1. Copy the Bearer token your application is sending.
  2. Decode it using a tool like jwt.io .
  3. Inspect the decoded payload and confirm that the permissions array explicitly contains the string "read:connections_options" .

If the permission is missing, ensure your application is requesting a fresh token and not using a cached one, and double-check that the scope is enabled on the correct M2M application in the Auth0 dashboard.

Please let me know how this goes!
Best regards,
Remus