We are in the process of migrating rules to actions. We have a rule that modifies the scope on the access token -
context.accessToken.scope = 'read:profile'
I see here that it is not possible to directly manipulate scopes from actions. Is there an indirect way to manipulate scopes from actions using the Management API?
Hey there!
Unfortunately I don’t think it’s possible at the moment. You can create a feature request for that using our Feedback category here:
Hello, is there still non way to modify scopes in Actions? I also want to migrate from Rules but this is a blocking point.
I heard that Rules will be deprecated one day, so what do you advise me to do?
Thanks!
Serge
Hi,
Any progress on the same, I am on following few situation, only solution I see is to write Rules,
Please suggest.
Hey all,
This is becoming higher priority now that Rules have an announced end of life.
What is the recommendation for replacing a Rule that currently modifies scopes?
that’s it, here we are…
no more way to deploy rules and no solution to dynamically assign scope with an action.
I am stuck !
I hadn’t seen the announcement of new features: it seems that we can finally modify the scope in an action :
This is only for post-login action. All other action types have no way of updating scopes or permissions on an access token.
@konrad.sopala any suggestions? We’re trying to limit the scopes issued to the scopes requested. Since hooks and rules are no more how can this be accomplished with actions, or can Auth0 enable hooks and rules for machine to machine tokens?
Also for anyone else looking, I did find this which describes the problem of machine to machine issuing all scopes all of the time: Fetching an M2M token returns all granted scopes/permissions instead of requested scopes - Auth0 Community