
Insufficient Scope error. Token does not contain scopes

jwt
auth0


In my application, each administrator has an app_metadata attribute that defines whether or not they have the admin role. I am using a rule (below) to add the admin scope if the user has this metadata. However, any API call using the token returns an insufficient scope error. I have used jwt.io to verify that NO scopes are returned in my token. What do I have to do to ensure my authorized scopes are included in the JWT?

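  function (user, context, callback) {
    // Auth0 rule: sets the access token's scope from the scopes the client
    // requested, and adds the "admin" scope only for users whose
    // app_metadata.roles contains the exact role "admin".
    //
    // user     - profile of the authenticating user; app_metadata.roles is read.
    // context  - rule context; request.query.scope / request.body.scope is
    //            read and accessToken.scope is written.
    // callback - invoked as callback(null, user, context) when the rule is done.
    var ADMIN_SCOPE = "admin";
    var req = context.request || {};

    // The requested scope string is supplied by the client and is untrusted.
    var requested = (req.query && req.query.scope) || (req.body && req.body.scope);

    // Normalize into an array. The fallback is [] rather than '' so that
    // push()/join() below do not throw when no scope was requested; empty
    // entries produced by repeated spaces are dropped.
    var scopes = typeof requested === "string"
      ? requested.split(" ").filter(function (s) { return s.length > 0; })
      : [];

    // A client must not be able to obtain the privileged scope just by asking
    // for it, so strip it from the requested list before the role check.
    scopes = scopes.filter(function (s) { return s !== ADMIN_SCOPE; });

    // roles may be missing. [].concat accepts a single string or an array, and
    // indexOf on the resulting array is an exact match, so a role such as
    // "superadmin" stored as a plain string no longer matches by substring.
    var roles = [].concat((user.app_metadata && user.app_metadata.roles) || []);
    if (roles.indexOf(ADMIN_SCOPE) >= 0) {
      scopes.push(ADMIN_SCOPE);
    }

    // NOTE(review): every other requested scope is still copied into the token
    // unfiltered. If any of them is privileged, restrict the list with an
    // explicit allow-list per user before assigning it.
    console.log('scopes', scopes.join(" "));
    context.accessToken.scope = scopes.join(" ");
    callback(null, user, context);
  }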