Not Possible to Remove the Scopes in the Token for Machine-to-Machine Applications Inside an Credentials-Exchange Action

gabriela.pantea · July 2, 2024, 8:17pm

Overview

An error occurs when using the method api.accessToken.addScope() or api.accessToken.removeScope() in the Actions Editor.

Property ‘addScope’ does not exist on type ‘AccessTokenAPI’

This error is observed in the context of the Machine-to-machine flow.

While these methods exist in other flows (e.g., Login Flow, as shown in the screenshot below), in this, it is throwing an error in the IDE.

Applies To

Node 18 runtime.
Machine-to-Machine Flow

Cause

This is a current limitation of Auth0.
The scopes cannot be removed from M2M tokens and all granted scopes will be returned for the M2M application. This is explained in the link to our Community Article below.

Fetching an M2M Token Returns All Granted Scopes/Permissions Instead of Requested Scopes

Solution

This is a current limitation of Auth0. The scopes need to kept in the token.

Topic		Replies	Views
How to use M2M token scopes Help apis , application	5	106	August 2, 2024
Assistance Needed: Modifying Access Token Scope in Machine to Machine Application Help management-api , actions-management-api	2	245	April 26, 2024
api.accessToken.addScope is not a function when used from onExecuteCredentialsExchange action template Help apis , application	5	56	October 1, 2024
I am trying to add a custom scope "xyz" in my M2M application using Auth0 Actions and failing to do so Help management-api , actions-management-api	0	196	April 26, 2024
Modify machine to machine scopes Help	2	3553	August 28, 2019

Not Possible to Remove the Scopes in the Token for Machine-to-Machine Applications Inside an Credentials-Exchange Action

Overview

Applies To

Cause

Solution

Related topics