Auth0 Home Blog Docs

Insufficient scope error when calling authorization extension API

api-authorization

#1

I am trying to call the Authorization API and am using the test client (non-interactive) that the dashboard created for me. I went in and added all the scopes to that client, but I am still getting an insufficient scope error when I call any API endpoints (ex. get groups for a user, following the samples in the docs).

I also tried adding ‘scopes=read:groups’ to the query string with no luck.


#2

Could not reproduce this situation with the following steps:

  1. create a non-interactive client and authorize it for all extension scopes;
  2. perform a client credentials grant providing the Authorization extension API as the audience and without specifying any scope;
  3. perform a GET request to /api/groups including the previously returned access token.

The above steps result in the groups being listed. I would suggest you to review the access token returned to you and check the issued scopes yourself using the jwt.io tool. If you see the expected scopes in there and the token seem that it should be valid from the perspective of the extension then update your question with more information. You can include the header and payload part of the JWT access token and omit the signature; this makes the token unusable and may provide more information to troubleshoot.


#3

Using the jwt.io tool you mentioned I was able to confirm that there was no scope in the token. Then tracked it down to the granting of access for the client. Thanks for pointing me in the right direction!


#4

Using the jwt.io tool you mentioned I was able to confirm that there was no scope in the token. Then tracked it down to the granting of access for the client. Thanks for pointing me in the right direction!


#5

I’m having the same problem, I could’n figure out how to generate a token with the proper scopes… Can you help me with this?

I was able to get the right token by creating a new auth0 account… seems that there is a bug with old accounts and the apis…


#6

I’m having the same problem, I could’n figure out how to generate a token with the proper scopes… Can you help me with this?

I was able to get the right token by creating a new auth0 account… seems that there is a bug with old accounts and the apis…


#7

As mentioned, I was unable to reproduce with the above steps; if you experience the problem in certain situation I would suggest you to create a new question that exactly details how you reproduce the issue. If you’re okay with disclosing the account names for which it works and not works it may also help.


#8