We are in the process of migrating rules to actions. We have a rule that modifies the scope on the access token -
context.accessToken.scope = 'read:profile'
I see here that it is not possible to directly manipulate scopes from actions. Is there an indirect way to manipulate scopes from actions using the Management API?
Hey there!
Unfortunately I don’t think it’s possible at the moment. You can create a feature request for that using our Feedback category here:
Hello, is there still non way to modify scopes in Actions? I also want to migrate from Rules but this is a blocking point.
I heard that Rules will be deprecated one day, so what do you advise me to do?
Thanks!
Serge
Hi,
Any progress on the same, I am on following few situation, only solution I see is to write Rules,
Please suggest.
Hey all,
This is becoming higher priority now that Rules have an announced end of life.
What is the recommendation for replacing a Rule that currently modifies scopes?
that’s it, here we are…
no more way to deploy rules and no solution to dynamically assign scope with an action.
I am stuck !
I hadn’t seen the announcement of new features: it seems that we can finally modify the scope in an action :
This is only for post-login action. All other action types have no way of updating scopes or permissions on an access token.
@konrad.sopala any suggestions? We’re trying to limit the scopes issued to the scopes requested. Since hooks and rules are no more how can this be accomplished with actions, or can Auth0 enable hooks and rules for machine to machine tokens?
Also for anyone else looking, I did find this which describes the problem of machine to machine issuing all scopes all of the time: Fetching an M2M token returns all granted scopes/permissions instead of requested scopes - Auth0 Community
Hey there!
As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!
@konrad.sopala is there any change in this now that hooks are about to be disabled? It still looks like we cannot modify the scopes for m2m tokens, which auth0 has called out as an internal limitation. If there’s not a way to do this yet can we get an extension on hooks going away since this IS something we’re relying on today?