Modify scopes within an action

We are in the process of migrating rules to actions. We have a rule that modifies the scope on the access token -

context.accessToken.scope = 'read:profile'

I see here that it is not possible to directly manipulate scopes from actions. Is there an indirect way to manipulate scopes from actions using the Management API?

2 Likes

Hey there!

Unfortunately I don’t think it’s possible at the moment. You can create a feature request for that using our Feedback category here:

1 Like

Hello, is there still non way to modify scopes in Actions? I also want to migrate from Rules but this is a blocking point.
I heard that Rules will be deprecated one day, so what do you advise me to do?
Thanks!
Serge

2 Likes

Hi,
Any progress on the same, I am on following few situation, only solution I see is to write Rules,

  1. How to add roles
  2. How to read Roles
  3. how to write shared functions those can be used by more than one, without adding those to NPM

Please suggest.

Hey all,

This is becoming higher priority now that Rules have an announced end of life.

What is the recommendation for replacing a Rule that currently modifies scopes?

1 Like

that’s it, here we are…
no more way to deploy rules and no solution to dynamically assign scope with an action.
I am stuck !

I hadn’t seen the announcement of new features: it seems that we can finally modify the scope in an action :

This is only for post-login action. All other action types have no way of updating scopes or permissions on an access token.

@konrad.sopala any suggestions? We’re trying to limit the scopes issued to the scopes requested. Since hooks and rules are no more how can this be accomplished with actions, or can Auth0 enable hooks and rules for machine to machine tokens?

Also for anyone else looking, I did find this which describes the problem of machine to machine issuing all scopes all of the time: Fetching an M2M token returns all granted scopes/permissions instead of requested scopes - Auth0 Community

1 Like

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

@konrad.sopala is there any change in this now that hooks are about to be disabled? It still looks like we cannot modify the scopes for m2m tokens, which auth0 has called out as an internal limitation. If there’s not a way to do this yet can we get an extension on hooks going away since this IS something we’re relying on today?