I am having an issue where when I request a token using OAuth from Postman, the Auth0 Authentication API Debugger, or my own application, it will not return the scopes that I request except for standard OIDC/profile ones like profile, email, offline_access.
I have confirmed that I am sending the request with my audience (https://<domain>/oauth/token?audience=https%3A%2F%2Fapi.projekter.opsella.com).
The API has RBAC enabled.
I have also ensured that the users show that they have been assigned permissions, either via role or direct assignment.
I’m not using any actions/triggers or any of the (deprecated) rules/hooks.
I am attempting to use the Auth0 organization feature, so maybe there is some config there that I am missing? I’m pretty confident that I have my request set up correctly in Postman, though I could be wrong. I’m not sure what I’m missing here that would be causing this issue. This was working about a week ago, and then while I was doing my development I cleaned up some of the organizations and recreated them, and now the scopes have stopped showing up.
I have sent you a message because, as I mentioned above, I have already included the audience value in the request, and it does not return the expected permissions.
I was able to fix the issue by disabling RBAC on the API, deleting all existing permissions and recreating them. A rather annoying bug, but that seemed to fix it.