Grant scopes through an API call

Hello.

Is it possible to add a scope to a user through an API call?

I’m expecting something like
`PUT <some_url>/oauth/add_scopes?user_id=<something_very_unique>&scope_to_add=<some_custome_scope>

Instead of doing this manually through the UI.

Thank you.

You can use the Auth0 Management API to perform most of the configuration that is possible through the Dashboard UI. In this case I believe what you are looking for is the ability to configure the permissions associated with a given user ( POST /api/v2/users/{id}/permissions - Auth0 Management API v2).

1 Like

@jmangelo Thank you, but I see an option to grant permissions, not scopes, which I thought are different things

A problem with software development is that it’s common to call the same thing by different names and sometimes the same name means different things. I don’t want to start that type of discussion although I would agree it can be a source of confusion.

Initially, I assumed you had create an API entity in Auth0 to represent an API on your service. Your API would then provide different capabilities and you could possibly restrict certain capabilities to a specific set of users.

In this case you would have likely defined with the API a set of scopes (or API permissions - Add API Permissions) that represent different capabilities.

Further to that you were then looking to assign some users the possibility to perform/invoke a specific set of capabilities. In others words, you would want certain users to be granted a set of scopes so that the API could be called. In this case, assigning permissions through the endpoint I mentioned would be relevant because if you then enable RBAC for the API entity in Auth0, the permissions assigned to the users will be intersected with the API defined permissions (scopes) and the matching ones will be issued within the scope claim of an access token (Enable Role-Based Access Control for APIs).

3 Likes

@jmangelo Great and detailed answer. Thank you.

Thanks for the help on this one @jmangelo !