
Insufficient Scope error. Token does not contain scopes



In my application, each administrator has an app_metadata attribute that defines whether or not they have the admin role. I am using a rule (below) to add the admin scope if the user has this metadata. However, any API call using the token returns an insufficient scope error. I have verified that NO scopes are returned in my token. What do I have to do to ensure my authorized scopes are included in the JWT?

  function (user, context, callback) {
  var _ = require("lodash");
  var req = context.request;
  // Get requested scopes
  var scopes = (req.query && req.query.scope) || (req.body && req.body.scope);
  // Normalize scopes into an array
  scopes = (scopes && scopes.split(" ")) || '';

  if (user.app_metadata !== undefined && user.app_metadata.roles !== undefined && user.app_metadata.roles.indexOf('admin') >= 0) {
  // Restrict the access token scopes according to the current user
  //context.accessToken.scope = restrictScopes(user, scopes);
  console.log('scopes',scopes.join(" "));
  context.accessToken.scope = scopes.join(" ");
  callback(null, user, context);