@konrad.sopala is there any change in this now that hooks are about to be disabled? It still looks like we cannot modify the scopes for m2m tokens, which auth0 has called out as an internal limitation. If there’s not a way to do this yet can we get an extension on hooks going away since this IS something we’re relying on today?
Overview
An error occurs when using the method api.accessToken.addScope() or api.accessToken.removeScope() in the Actions Editor.
Property ‘addScope’ does not exist on type ‘AccessTokenAPI’
[1.jpeg]
This error is observed in the context of the Machine-to-machine flow.
While these methods exist in other flows (e.g., Login Flow, as shown in the screenshot below), in this, it is throwing an error in the IDE.
[2.jpeg]
Applies To
Node 18 runtime.
Machine-to-Machine Flow
Cause
This is a curr…
Problem statement
After configuring several APIs to be granted access, with limited permissions, to a handful of machine-to-machine (M2M) applications the following observations have been made:
If a token is requested by an M2M app, and no scopes are specified in the request, then the access token returned has all granted scopes for the given M2M app as expected
If a token is requested by an M2M and a subset of scopes are specified at the time of request, then the access token will still inclu…