Although we experimented with providing direct manipulation of ID and Access Token scopes during the Actions Beta, we do not support this functionality in Actions GA.
This is very disappointing when you as developer are able to do so using the “legacy” Rules or Hooks, depending on the flow, even with the beta version of Actions was possible, but then you realize isn’t possible for you to completely migrate to Actions GA.
To my fellow developers out there, watch out with Actions GA before you decide on a fully migration from Rules and Hooks.
I’ve been in touch with the Auth0 support team and they first said they would have an idea in late Q3/Q4 when they would be able to bring back this feature for Actions GA. In our last thread they mentioned they had to remove the direct scopes manipulation from Actions GA due to security reasons and don’t have an ETA right now. My last reply to them:
… customers that are currently manipulating the access token scopes through Rules or Hooks depending on the authentication flow, will need the same feature supported in Actions before migrating their code, otherwise those customers will complain since they will have to store the custom scopes in custom claims and change the interceptors at service level that accept the access tokens.
I hope they realize it would be a little bit disappointing for many people in the same situation.
Is there any possibility that we use the Hooks for direct scope manipulation in a M2M exchange and then we move it to Actions when the Auth0 Product Team is able to bring back this feature? It wouldn’t bother me to migrate that code from Hooks to Actions as long as we have reassurance from the Auth0 Product Team they will effectively support the feature in Actions by the time they decide to remove the Hooks.
I’m wondering if there is any update on this topic.
Does someone have a detailed explanation on why direct access to ID/Access token scope claim is not possible with Actions?
I’m in the same situation as everyone on this thread which is the start of the migration from Rules to Actions.
And this problem raises the legitimacy question of migrating from Rules to Actions with fewer functionalities/capabilities than before and with possible impacts (technical and cost) on the current code in production…
Unfortunately zero updates from Auth0 on this topic. I reached out to their support team in mid 2021 and they mentioned in 2021 Q3/Q4 they would have a better idea when they could bring it back, but I didn’t hear from them since then. It’s very disappointing!
This is also crucial functionality for us. We’re looking at migrating away from rules as we know they are being deprecated, but are not in a position to do so until this functionality is available. An ETA would be helpful.