Our scopes are defined in app.module.ts as:
AuthModule.forRoot({
  domain: environment.auth0Domain,
  clientId: environment.auth0ClientId,
  authorizationParams: { audience: environment.auth0ApiAudience, scope: "profile email" },
  httpInterceptor: {
    allowedList: environment.auth0AllowedList as any,
  },
  cacheLocation: "localstorage",
}),
Now when users log in for the first time, they get a permission dialog stating that Auth0 can read mail. This is not a permission I want to show to users. So I was thinking I would remove email from the scope, but then when a user logs in, Auth0 automatically logs them out with a cryptic error. Part of the logs:
"return_to": "http://localhost:4200?error=Something%20went%20wrong,%20please%20try%20again%20later",
I tried to discover where the email scope is used. Because we don’t have any custom scopes defined, the only place I can think of is the 2 actions we created. We use stuff like ‘const users = await management.usersByEmail.getByEmail({email: `${event.user.email}`});’.
Does anyone have a clue? My assumption is, the email address is part of the ‘profile’ scope and therefore the ‘email’ scope is not needed.