
Insufficient scope error when calling authorization extension API for old client

api-authorization
scope

#1

Hello,
I have a single page app client that I created in March.
This week I tried to add a new client to my account and I found that, due to a change in the API management, I need to set realm-password grant types to my new client by making to the API.
So I followed the steps of the documentation, but after getting my token in the API section of the dashboard (in order to use it in https://auth0.com/docs/api/management/v2) every time I tried to use it I found that the token has none scope. I’ve also checked on jwt.io to confirm that.

After spending some hours trying to get a token with scopes, I created a new Auth0 account and found that for new accounts the token has all the scopes.

I really need to use my old account. Is there another way to get a token with the proper scopes? Can you confirm that there is a bug on the old accounts?


#2

Given you mentioned that you were looking to update the client grant types, have in mind that the Dashboard itself now supports performing the management of client grant types, so that may allow you to bypass the original problem. You can access this functionality by going to the client application advanced settings and then choosing the grant types section.


UPDATE:

I just confirmed and the account in question has configured a client credentials hook that forces the scope of all access tokens issued within that account to be none. Assuming this hook was just created as an experiment you can just deselect it so that no hooks are run.


In relation to the actual problem, can you perform the following steps:

  • manually create a new non interactive client application through the dashboard
  • access the APIs section and select the Auth0 Management API
  • navigate to the Non Interactive Clients and for the previously created client application authorize all the scopes
  • navigate to the Test tab, select the previously created client application and check if the generated access token still has no scopes associated

Let me know the outcome of the above so that this can be further reviewed.
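
The scope check from the last step above can be run locally instead of on jwt.io; this is an added example, not part of the original posts and not Auth0's code. The tenant URL, the sample tokens and the `REQUIRED` list are constructed assumptions, and the token is only decoded, its signature is not verified.

```javascript
// Added example: list the scopes carried by an access token and report
// which required ones are missing. Decode only; NOT a signature check.

function b64urlDecode(segment) {
  // base64url -> base64; Node's decoder tolerates missing padding
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64, 'base64').toString('utf8');
}

function b64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function tokenScopes(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  const payload = JSON.parse(b64urlDecode(parts[1]));
  const raw = payload.scope;
  if (raw === undefined || raw === null) return []; // no scope claim at all
  // scope is normally a space-delimited string; accept an array as well
  const list = Array.isArray(raw) ? raw.map(String) : String(raw).split(/\s+/);
  return list.filter((s) => s.length > 0);
}

function missingScopes(jwt, required) {
  const granted = new Set(tokenScopes(jwt));
  return required.filter((s) => !granted.has(s));
}

// Constructed sample token (placeholder issuer/audience, fake signature).
function sampleToken(scope) {
  const payload = { iss: 'https://tenant.example/', aud: 'https://tenant.example/api/v2/' };
  if (scope !== undefined) payload.scope = scope;
  return [b64urlEncode({ alg: 'RS256', typ: 'JWT' }), b64urlEncode(payload), 'constructed-signature'].join('.');
}

// Assumption: scopes the caller needs in order to edit a client's grant types.
const REQUIRED = ['read:clients', 'update:clients'];

for (const [label, tok] of [
  ['scope overridden to "none"', sampleToken('none')],
  ['no scope claim', sampleToken(undefined)],
  ['scopes granted', sampleToken('read:clients update:clients')],
]) {
  console.log(label, '-> granted:', tokenScopes(tok), 'missing:', missingScopes(tok, REQUIRED));
}
```
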


#3

I created that hook after the issue started happening in order to find a workaround. Now I deleted it and it started to work properly.

Thanks

