Original granted scopes not available in rules/action when refreshing token

Hello,

I found this post that was closed in 2019 that describes my problem: How to get originally granted scopes when renewing token in Auth0 Rules?

When refreshing an access token, the originally granted scopes are nowhere to be found when a rule or action is executed. We have some logic in Auth0 rules adding some data to the access token if a custom scope is provided in the request body, and are now trying to add refresh tokens to our application.

I am using the auth0 express-openid-connect middleware, and could pass the scopes to the refresh request. But omitting the scopes in the refresh request should result in it being treated as equal to the scope originally granted by the resource owner.

Should I have to resend the scopes in the request for refreshing my access token in order to see them within a rule or action?

2 Likes
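The scope rule the post above relies on comes from RFC 6749 section 6. The sketch below is an added example, not code from the original post or from Auth0, and shows how a generic authorization server resolves the effective scope on a refresh request. The function names, the scope values and the choice to treat an empty `scope` parameter as omitted are assumptions.

```javascript
// Added example: RFC 6749 section 6 scope handling for grant_type=refresh_token.
// parseScope/resolveRefreshScope are hypothetical helpers, not an Auth0 API.

// Scope is a space-delimited list of tokens (RFC 6749 section 3.3).
function parseScope(scopeParam) {
  return scopeParam.split(' ').filter(Boolean);
}

// originalScope:  scope string stored with the refresh token at grant time.
// requestedScope: "scope" parameter of the refresh request, or undefined.
function resolveRefreshScope(originalScope, requestedScope) {
  const granted = parseScope(originalScope);

  // Omitted scope: treated as equal to the originally granted scope.
  // Assumption: an empty or whitespace-only value counts as omitted.
  if (requestedScope == null || requestedScope.trim() === '') {
    return { scope: granted.join(' '), narrowed: false };
  }

  // Supplied scope: may narrow the grant but must never widen it.
  const requested = [...new Set(parseScope(requestedScope))];
  const extra = requested.filter((s) => !granted.includes(s));
  if (extra.length > 0) {
    const err = new Error(`scope exceeds original grant: ${extra.join(' ')}`);
    err.code = 'invalid_scope';
    throw err;
  }
  return {
    scope: requested.join(' '),
    narrowed: requested.length < new Set(granted).size,
  };
}

// Constructed sample values.
const ORIGINAL = 'openid profile read:reports offline_access';
console.log(resolveRefreshScope(ORIGINAL, undefined));
console.log(resolveRefreshScope(ORIGINAL, 'openid read:reports'));
```

Any claim logic that keys off a custom scope should read the resolved value, since on a refresh the request body may carry no `scope` at all.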

I have the same question. @christian.hunstad please post here if you found a solution/workaround.

I am experiencing the same issue. Anyone have a solution? @christian.hunstad @aranjan1

Anyone have a solution for this? I am running into the same situation with missing scopes when using refresh-tokens. Thanks!

Hey there @arao1 welcome to the community!

If I’m understanding correctly, the contents of the Access Token are the same in the token returned, however you’re unable to access any custom scopes added via extensibility previously? A bit of a tricky situation here, but I believe adding custom props on the silent auth may be the only option to pick up in a rule/action:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.