Modify scopes within an action

We are in the process of migrating rules to actions. We have a rule that modifies the scope on the access token -

context.accessToken.scope = 'read:profile'

I see here that it is not possible to directly manipulate scopes from actions. Is there an indirect way to manipulate scopes from actions using the Management API?

2 Likes

Hey there!

Unfortunately I don’t think it’s possible at the moment. You can create a feature request for that using our Feedback category here:

1 Like

Hello, is there still no way to modify scopes in Actions? I also want to migrate from Rules but this is a blocking point.
I heard that Rules will be deprecated one day, so what do you advise me to do?
Thanks!
Serge

2 Likes

Hi,
Any progress on this? I am in the following few situations, and the only solution I see is to write Rules:

  1. How to add roles
  2. How to read Roles
  3. How to write shared functions that can be used by more than one, without adding them to NPM

Please suggest.

Hey all,

This is becoming higher priority now that Rules have an announced end of life.

What is the recommendation for replacing a Rule that currently modifies scopes?

1 Like

That’s it, here we are…
No more way to deploy rules and no solution to dynamically assign scope with an action.
I am stuck!

I hadn’t seen the announcement of new features: it seems that we can finally modify the scope in an action:

This is only for post-login action. All other action types have no way of updating scopes or permissions on an access token.

@konrad.sopala any suggestions? We’re trying to limit the scopes issued to the scopes requested. Since hooks and rules are no more how can this be accomplished with actions, or can Auth0 enable hooks and rules for machine to machine tokens?

Also for anyone else looking, I did find this which describes the problem of machine to machine issuing all scopes all of the time: Fetching an M2M token returns all granted scopes/permissions instead of requested scopes - Auth0 Community

1 Like

Hey there!

As this topic is related to Actions and Rules & Hooks are being deprecated soon in favor of Actions, I’m excited to let you know about our next Ask me Anything session in the Forum on Thursday, January 18 with the Rules, Hooks and Actions team on Rules & Hooks and why Actions matter! Submit your questions in the thread above and our esteemed product experts will provide written answers on January 18. Find out more about Rules & Hooks and why Actions matter! Can’t wait to see you there!

Learn more here!

@konrad.sopala is there any change in this now that hooks are about to be disabled? It still looks like we cannot modify the scopes for m2m tokens, which Auth0 has called out as an internal limitation. If there’s not a way to do this yet, can we get an extension on hooks going away since this IS something we’re relying on today?

Hi @securitan, @serge92, @gurpreetsingh840, @neil.mccoy, @trepied-clients, @jamiestumme,

You can now modify the scopes in a Post-Login action script using the following functions:

  • api.accessToken.addScope(scope)
  • api.accessToken.removeScope(scope)

Please check out our Actions Triggers: post-login - API Object documentation as a reference.

Thanks,
Rueben

1 Like
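Added example, not part of any post in this thread and not Auth0's own code: a Post-Login Action that reproduces the `context.accessToken.scope = 'read:profile'` Rule from the first post using the `api.accessToken.addScope` and `api.accessToken.removeScope` calls named above. It assumes the scopes to strip are the ones listed in `event.transaction.requested_scopes`; the allow-list, the sample scopes and the `simulate` stand-in for the Action runtime are constructed for illustration.

```javascript
// Added example, not Auth0's code. Allow-list and sample scopes are constructed.
const ALLOWED_SCOPES = new Set(['read:profile']);
const ALWAYS_GRANTED = ['read:profile'];

// Core policy: strip every requested scope outside the allow-list, then add
// the scope the old Rule forced onto the access token.
function applyScopePolicy(event, api) {
  // requested_scopes can be absent when the client sent no scope parameter.
  const requested =
    (event.transaction && event.transaction.requested_scopes) || [];
  const removed = [];
  for (const scope of requested) {
    if (!ALLOWED_SCOPES.has(scope)) {
      api.accessToken.removeScope(scope);
      removed.push(scope);
    }
  }
  for (const scope of ALWAYS_GRANTED) api.accessToken.addScope(scope);
  return removed; // returned so the decision can be logged or tested
}

// Post-Login Action entry point.
async function onExecutePostLogin(event, api) {
  applyScopePolicy(event, api);
}
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}

// Hypothetical offline stand-in for the Action runtime: it models the token's
// scope set as starting from the requested scopes (an assumption).
function simulate(requestedScopes) {
  const granted = new Set(requestedScopes || []);
  const api = {
    accessToken: {
      addScope: (s) => granted.add(s),
      removeScope: (s) => granted.delete(s),
    },
  };
  const event = {
    transaction: requestedScopes
      ? { requested_scopes: requestedScopes }
      : undefined,
  };
  const removed = applyScopePolicy(event, api);
  return { scopes: [...granted].sort(), removed };
}
```

As the later replies point out, this applies to the post-login trigger only; the credentials-exchange (M2M) trigger has no equivalent methods.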

Hey @rueben.tiow,

This is all well for post-login, but this does not work for machine-to-machine actions.

To replace hooks we need this functionality on m2m tokens as well.

Hi @jamiestumme,

That’s great to hear it worked well with the post-login action script.

Unfortunately, the M2M actions do not currently have any method for adding or removing scopes. Only the methods listed in our Actions Triggers: credentials-exchange - API Object documentation are available.

After investigating, it appears there is a parity gap between Hooks and the M2M Action script. We are actively working on enhancing the M2M Action script to address this. In the meantime, if you need to add or remove scopes, please continue using Hooks to achieve this functionality until further updates are available.

Thanks,
Rueben

@rueben.tiow thanks for getting the ball moving on this.

Unfortunately we created our dev tenant after the hooks cutoff. We cannot add a hook to handle this. I’m also not sure, if we needed to, whether we could update the hooks in stage or prod.

Hi @jamiestumme,

Thanks for the update.

Since the Hooks EOL on November 18, 2024, there is no option to add a hook. Only hooks that were previously configured will continue to work for the moment, until the parity gap is resolved.

In this case, I recommend upvoting on this feedback request asking to support adding/removing scopes for the M2M action script so that we can prioritize implementing this feature based on the highest votes.

Thanks,
Rueben

@rueben.tiow Is this not something that can be prioritized internally since there is a deadline for hooks to be completely removed and a large gap in actions, which has been brought up multiple times over the year?

Cheers,

Hi @jamiestumme,

Thanks for the reply.

This is already being prioritized internally. From what I have gathered, our Engineering team has extended the EOL of hooks by ~6 months for customers who have previously configured Hooks. However, this does not allow anybody to create new ones.

We apologize for any inconvenience this might be causing you. One option you could explore is to reach out to your TAM to ask for an exception. I am uncertain if this will be approved, but it would be worth a try.

Thanks,
Rueben