Missing create:user_tickets scope when using the Auth0 .NET SDK

We’re using the Auth0 .NET SDK to interact with the management API.

The ManagementApiClient (named ManagementClient ) is created like so:


var response = await _authClient.GetTokenAsync(new ClientCredentialsTokenRequest
{
    Audience = AUDIENCE,
    ClientId = CLIENT_ID,
    ClientSecret = CLIENT_SECRET,
});
var mc = new HttpClientManagementConnection(_authHttpClient);
ManagementClient = new ManagementApiClient(response.AccessToken, DOMAIN, mc);

Then we want to trigger a password change ticket and do this:

var ticket = await ManagementClient.Tickets.CreatePasswordChangeTicketAsync(new PasswordChangeTicketRequest
{
    UserId = userId
});

This fails with the message Auth0.Core.Exceptions.ErrorApiException: Insufficient scope, expected any of: create:user_tickets.

The setup works fine when interacting with the ManagementClient.Users methods.

I’m a bit confused how we’re supposed to set up the scopes here and make sure we’re getting the correct ones when setting up the client.

Hi @fishmoose, (nice name :laughing:)

Make sure you have the permission turned on for this app in your management API settings.

That’s it! Thanks.

For anyone else wondering, the dropdown button is easy to miss:

1 Like

Thanks for following up!