Auth0 Home Blog Docs

How to define Scope on API login using Machine to Machine app


I’m implementing an authentication challenge in an Apple Business Chat conversation
I’m using a Machine to Machine app with the management API.
Apple calls the authorize endpoint with the client ID of my Auth0 App - this present the Auth0 login screen.
User inputs credentials and then the oauth/token endpoint is called and an Access Token is returned to the “Agent” side.
On the Agent side, I have an app that calls /userinfo with the Access Token, but all I get in return is {}

I’ve been reading that I need to define the scope - where do I define this? Is it in the oauth/token call to Auth0 made by Apple?


So I removed the OIDC Conformant option from the application (can be found under Advance Setting>>OAuth)
Now I get a response will all user data and meta data. Not sure this is the right approach but it works…