Manipulate scopes for ID and Access Tokens using Actions GA

Hi,

Is there any strong reason why Auth0 decided to drop the support for direct manipulation of ID and Access Token scopes when they released Actions GA?

Although we experimented with providing direct manipulation of ID and Access Token scopes during the Actions Beta, we do not support this functionality in Actions GA.

This is very disappointing when you as developer are able to do so using the “legacy” Rules or Hooks, depending on the flow, even with the beta version of Actions was possible, but then you realize isn’t possible for you to completely migrate to Actions GA.

To my fellow developers out there, watch out with Actions GA before you decide on a fully migration from Rules and Hooks.

3 Likes

Hey there!

Let me follow-up on that and get back to you once I have some info to share!

Thank you so much Konrad! I will appreciate if there’s a short term plan to bring back the direct scopes manipulation in Actions GA.

Is there any update on this? I am too trying to migrate to actions from rules and I need to set the scope.

1 Like

Hi Billy,

I’ve been in touch with the Auth0 support team and they first said they would have an idea in late Q3/Q4 when they would be able to bring back this feature for Actions GA. In our last thread they mentioned they had to remove the direct scopes manipulation from Actions GA due to security reasons and don’t have an ETA right now. My last reply to them:

… customers that are currently manipulating the access token scopes through Rules or Hooks depending on the authentication flow, will need the same feature supported in Actions before migrating their code, otherwise those customers will complain since they will have to store the custom scopes in custom claims and change the interceptors at service level that accept the access tokens.

I hope they realize it would be a little bit disappointing for many people in the same situation.

Best regards,

2 Likes

Thanks for sharing that Howard with the rest of community!

1 Like

Hi Konrad,

Is there any possibility that we use the Hooks for direct scope manipulation in a M2M exchange and then we move it to Actions when the Auth0 Product Team is able to bring back this feature? It wouldn’t bother me to migrate that code from Hooks to Actions as long as we have reassurance from the Auth0 Product Team they will effectively support the feature in Actions by the time they decide to remove the Hooks.

Best regards,