Hi Auth0 Community,
I’m building a first-party account management page for users. The app uses Auth0 for authentication, and I would like users to manage and add passkeys from this account page.
Based on the Auth0 My Account API documentation, it looks like I need these scopes on the My Account API resource server:
read:me:authentication_methods
create:me:authentication_methods
update:me:authentication_methods
delete:me:authentication_methods
However, in the Auth0 Dashboard, under the My Account API, I only see these scopes:
read:me:connected_accounts
create:me:connected_accounts
delete:me:connected_accounts
When my application requests the My Account API audience, Auth0 returns an error saying that the client is not authorized to access the My Account API resource server.
My use case is:
-
Show existing passkeys
-
Let users add a new passkey
-
Let users rename/delete passkeys
-
Do this from our own account management page, not only during hosted login
Questions:
-
Are the *:me:authentication_methods scopes still Limited Early Access / tenant-gated?
-
If yes, how can we request access for a tenant?
-
Is there any currently supported alternative for self-service passkey enrollment from a custom account management page?
-
Can this be solved by creating a custom Auth0 API/resource server, or must it be enabled specifically on the Auth0 My Account API?
Any guidance would be appreciated. Thank you!