When trying to test the management APIs following these instructions https://auth0.com/docs/api/management/v2/get-access-tokens-for-test the token generated does not contain any scopes so does not provide access to the management APIs. I have checked the machine to machine connections for the management API and the API Explorer Application has many scopes enabled.
Hi,
Welcome to the Community!
Please explain what you actually trying to do because the default token you mention have all the scopes and will work.
Hi,
Thanks for your reply.
We are trying to call the GetUsers Management API but keep getting an unautherized response, I believe because the token does not contain any scopes. We previously had this working in our application by using the https://{domain}/oauth/token api to retrieve the token. However this had recently stopped working. To investigate why this has stopped working I tried using the test token and found that that also didn’t contain any scopes. Screenshots below (tokens, domains and ID’s removed):
Getting test token
Set api token (no scopes in token)
Scopes are enabled for application
Are you able to see any Scopes assigned in permissions tab.
This is the permission tab
and some of the permissions for the API Explorer Application are shown it the last screenshot in my previous message
Worked it out, we were overriding the scopes in a hook
Perfect! Super glad to hear that!