How to get permissions in auth token for react client?

joni.r · November 11, 2020, 10:11am

Integrating Auth0 with React client has turned out to be challenging. I’m unable to retrieve scopes I have added to the API in the Auth0 website.

Given the following code to retrieve an access token to the client:


  useEffect(() => {
    async function getToken() {
      const token = await getAccessTokenSilently({
        ignoreCache: true,
        audience: `https://${domain}/api/v2/`,
        scope: 'read:current_user read:products write:products',
      });
      console.log('got token', token);
    }

    if (isAuthenticated) {
      getToken();
    }
  });

I successfully get an access token. However, it does not include read:products or write:products scopes.

Scopes that get returned with the access token are:
"scope": "openid profile email read:current_user"

Why doesn’t read:products and write:products get sent back?

I have added permissions to the specific user directly from Auth0 website.

Here is how Auth0Provider has been set up:

ReactDOM.render(
  <React.StrictMode>
    <Auth0Provider
      domain={process.env.REACT_APP_AUTH0_DOMAIN || ''}
      clientId={process.env.REACT_APP_AUTH0_CLIENT_ID || ''}
      audience={audience}
      scope="read:current_user read:products write:products"
      redirectUri={window.location.origin}
    >
      <Provider store={store}>
        <App />
      </Provider>
    </Auth0Provider>
  </React.StrictMode>,
  document.getElementById('root'),
);

library versions used

"@auth0/auth0-react": "^1.2.0"
 "react": "^17.0.1"

dan.woda · November 12, 2020, 7:29pm

It looks like you are requesting a management API token (specified by the audience param), not a token for whatever API is related to the read and write scopes you are expecting.

Is there a reason you need the management API audience?

joni.r · November 13, 2020, 7:23am

Thank you Dan, yes I had set audience to request mgmt API token, which obviously was not what I intended. Thank you for spotting.

dan.woda · November 13, 2020, 4:09pm

Glad we found the solution! Let us know if you have other questions.

system · November 28, 2020, 4:09pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Permissions not returned as part of a token when Org ID is set in Auth0Provider Help	3	2273	February 22, 2022
Cannot get desired scope from react-auth0 getAccessTokenWithPopup Help access-token , react	3	1824	December 22, 2022
Adding Scopes to Access Token created for React app Help management-api , roles	4	1829	December 17, 2023
React app, Receiving an Opaque Token when I should be receiving a JWT token supposedly Help configuration , application	2	330	February 20, 2024
Auth0-react is not accepting scopes Help login-experience , new-universal-login-experience	8	333	May 28, 2024

How to get permissions in auth token for react client?

Related topics