Managment API does not have the correct scopes read:roles

bf1 · April 26, 2019, 2:27pm

I am trying to get a user’s roles with the Auth0 Management API. I am following the Documentation to the letter and when I try to get the roles I get this message:
{
“statusCode”: 403,
“error”: “Forbidden”,
“message”: “Insufficient scope, expected all of: read:users,read:roles”,
“errorCode”: “insufficient_scope”
}
This is very confusing, because I am using the access_token provided by the Auth0 Managment API (in the API Explorer tab). In the Permission Tab I can clearly see the two scopes described above:

Although, when I go to https://jwt.io/ and decode the access token, it does not have the read:roles scope.

I am trying to understand what the error is. Can someone help me out?

markd · April 26, 2019, 3:29pm

Off the cuff but sounds like you need to check the scopes actually assigned to whichever client you are talking to, under the machine-to-machine tab. The Permissions tab is all possible scopes, the machine-to-machine tab is actual scopes assigned to a given client.

system · September 2, 2019, 12:56pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Forbidden: Insufficient scope, expected one of: read:users AND read:roles, OR read:role_members Help auth0 , api , rules , management-api , access-token	4	5612	July 28, 2022
Insufficient scope, expected any of: read:roles Help auth0 , scope	4	7842	April 22, 2022
Scope doesnt assign to access token on React Help management-api , users	4	1320	July 12, 2023
Management API returns 403 when attempting to read users Help react , auth0-spa-js	3	11152	September 19, 2019
How to specify scopes in an authorize call Help management-api , users	6	604	May 8, 2024

Managment API does not have the correct scopes read:roles

Related Topics