Insufficient Scope for Requesting to Resend Email Verification

I am trying to allow user to request a resend for email verification in Angular SPA. However, when I call the POST /verification-email API it’s giving me insufficient_scope error, expecting update:users scope.

I tried to add the scope in the AuthConfig scope: 'update:users read:current_user', but it’s still not working. Can someone please help?

@Injectable()
export class ManagementService {
    constructor(private http: HttpClient) {

    }
    resendVerificationEmail(request: any) {
        const url = '/auth/jobs/verification-email'; //proxy to auth0 domain api
        return this.http.post(url, request, { reportProgress: true, responseType: 'json' });
    }
}
export class ProfileComponent {
    userInfo: any;
    constructor(private auth: AuthService, private managementService: ManagementService) {

    }
    ngOnInit() {
        this.auth.getUser().pipe(
            switchMap((user)=> this.managementService.getUserData(user?.sub)),
            map((userInfo)=> {
                this.userInfo = userInfo;
            })
        ).subscribe();
    }
    // call when user clicks on button to request email verification
    verifyEmail() {
        this.managementService.resendVerificationEmail({user_id: this.userInfo.user_id}).subscribe({
            next: (result) => {
                console.log(result);
            }
        })
    }
}

Hey there @supergrounded!

Are you just using the user’s access token in this scenario? If so, you won’t be able to add the update:users scope as even Management API tokens issued to a SPA are limited in scope.

Instead, you will need to make this call from a backend which handles getting a Management API access token, similar to what’s described in this FAQ:

1 Like