Google workspace invalid scopes error

I’ve been trying to connect my google workspace account with Auth0.

filled in the client_id and secret properly, also managed to create a connection on postman. Received the access token there and managed to call the calender api endpoint from google. On postman it all worked.

When trying to login through Auth0 with my google workspace on my webapp, I get the following error message:

Some requested scopes were invalid. 
{valid=[,], invalid=[offline_access]}
[Learn more about this error]
If you are a developer of CompanyX, 
see [error details](

Error 400: invalid_scope

I Don’t understand why it works on postman and not on Auth0, any help is appreciated!

Hey there @Kiwi !

I don’t think the offline_access scope is needed for a Google connection - According to the docs here you’ll want to pass access_type=offline instead to get a refresh token.

Keep us posted!

Hey @tyf,

Thanks for your quick reply!
It is what makes me confused, since I am using the google workspace enterprise connection within my auth0 tenant. I’m not passing anything to get the google access token, Auth0 is doing this under the hood if I’m correct.
I’m just filling in my google workspace client_id and secret, which are correct (if I enter the wrong credentials I get a different error message).

When logging in in my webapp, I get the universal login screen. But when I actually log in with a users password and email through the connection, the error pops up.

No problem, happy to help!

How are you initiating the login flow (call to /authorize which brings up universal login) in your app? Are you using an SDK? Does the enterprise connection you’ve configured work if you test it from within your Auth0 tenant directly?

Because it works in Postman, my guess is that the offline_access scope is being passed wherever the initial authorize request is being configured/initiated.

Keep us posted!

Aha, I get what you mean. Didn’t think about how I was initiating the login function. I have been having a MS AAD registered with the app for a while.

It looks like I would need to pass the offline_access scope for MS AAD access but not for the google workspace access!

Removed the scopes from the authorized function and now it works, thanks for your support!

1 Like

Awesome, good news! Thanks for follow up here :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.