Managment API does not have the correct scopes read:roles

bf1 · April 26, 2019, 2:27pm

I am trying to get a user’s roles with the Auth0 Management API. I am following the Documentation to the letter and when I try to get the roles I get this message:
{
“statusCode”: 403,
“error”: “Forbidden”,
“message”: “Insufficient scope, expected all of: read:users,read:roles”,
“errorCode”: “insufficient_scope”
}
This is very confusing, because I am using the access_token provided by the Auth0 Managment API (in the API Explorer tab). In the Permission Tab I can clearly see the two scopes described above:

Although, when I go to https://jwt.io/ and decode the access token, it does not have the read:roles scope.

I am trying to understand what the error is. Can someone help me out?

markd · April 26, 2019, 3:29pm

Off the cuff but sounds like you need to check the scopes actually assigned to whichever client you are talking to, under the machine-to-machine tab. The Permissions tab is all possible scopes, the machine-to-machine tab is actual scopes assigned to a given client.

Topic		Replies	Views
How to specify scopes in an authorize call Get Help management-api , users	6	2033	May 8, 2024
Insufficient scope, expected any of: read:roles Get Help auth0 , scope	4	9086	April 22, 2022
Forbidden: Insufficient scope, expected one of: read:users AND read:roles, OR read:role_members Get Help auth0 , api , rules , management-api , access-token	4	6454	July 28, 2022
Fetch app's roles from within a rule Get Help auth0 , api , rules , management-api	4	2687	July 12, 2021
Management client api not working for roles and permission in Rules Get Help	2	3152	June 2, 2021

Managment API does not have the correct scopes read:roles

Related topics