Knowledge Find Requested Scopes in Actions for 'Refresh token', 'Client Credential Exchange' or ROPG

Problem statement

Our documentation indicates that the requested scopes:

can be found in the event.transaction.requested_scopes. This only appears to be the case for more transactional-based authorization flows such as Implicit, PKCE, and Authorization Code Flow.

Client Credential, Refresh Token, and ROPG flows do not populate the event.transaction.requested_scopes object within an Action.


For the Client Credential, Refresh Token And ROPG flows the scopes can instead be accessed within the event.request.body.scope object.