Scope doesn't assign to access token on React

I want to get a user role, so I make this request: https://${domain}/api/v2/users/${sub}/roles. But I have an error: Insufficient scope, expected any of: read:users,read:roles,read:role_members
For this request I must provide an access token with the following scope: read:users read:roles read:role_members.
I provided the scope in Auth0Provider:

<Auth0Provider
  domain="_"
  clientId="_"
  authorizationParams={{
    redirect_uri: window.location.origin,
    audience: "_",
    scope: "read:current_user update:current_user_metadata read:users read:roles read:role_members"
  }}
>
  <App/>
</Auth0Provider>

But the scope in the token is:
"scope": "openid read:current_user update:current_user_metadata". So how can I assign scope to the token?

Hello @Xepobopa welcome to the community!

A Management API Access Token obtained by the SPA is limited in the scopes it can have. Instead, you’ll need to utilize a backend of sorts to get and use a properly scoped access token. The following article outlines this flow:

Alternatively (and easiest route), you can add a user’s roles as a claim to an Access Token and get them that way:

Hope this helps!


Hello! Thanks for your reply. I tried to use Login Flow from your reply. Here is my code:

exports.onExecutePostLogin = async (event, api) => {
  const namespace = '';
  if (event.authorization) {
    api.idToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
    api.accessToken.setCustomClaim(`${namespace}/roles`, event.authorization.roles);
  }
};

But the code from the link doesn’t work. My access token doesn’t contain any role.
Also I tried to pass default values, but it didn’t work either:

api.idToken.setCustomClaim(`value`, "key");
api.accessToken.setCustomClaim(`value`, "key");

access token:

  "iss": "",
  "sub": "auth0|64aa6b4142cc3032718b8da0",
  "aud": [
  "iat": 1688896803,
  "exp": 1688983203,
  "azp": "ldJvP8jc3TJedTVViILgUWKqKDFjRDMB",
  "scope": "openid read:current_user update:current_user_metadata"

(I described in more detail here reactjs - Unable to scope access token - Stack Overflow)


Hey @Xepobopa happy to help, apologies for the delayed response!

Auth0 domains aren’t allowed in custom namespaces so I believe it’s just being ignored in this case - The roles should be added if you use anything else (outside of restricted claims).
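
The fix described in the reply above, sketched as an added example that is not part of the original thread and is not Auth0's own code. `NAMESPACE`, `isAllowedNamespace`, `addRoleClaims`, `rolesFromClaims` and `mockApi` are hypothetical names, and the check for `auth0.com` hosts is an assumption based on the reply's statement that Auth0 domains are not allowed in custom namespaces.

```javascript
// Added example, not Auth0's or the poster's code.
// NAMESPACE is a hypothetical placeholder; use a URL you control.
const NAMESPACE = 'https://myapp.example.com';

// Assumption taken from the reply above: a claim namespaced under an Auth0
// domain is ignored. This example also insists on a URL-shaped namespace.
function isAllowedNamespace(ns) {
  let host;
  try {
    host = new URL(ns).hostname;
  } catch {
    return false; // empty or non-URL namespace
  }
  return host !== 'auth0.com' && !host.endsWith('.auth0.com');
}

// Sets the roles claim on both tokens; returns the claim name, or null if skipped.
function addRoleClaims(event, api, namespace) {
  if (!event.authorization || !isAllowedNamespace(namespace)) return null;
  const claim = `${namespace}/roles`;
  api.idToken.setCustomClaim(claim, event.authorization.roles);
  api.accessToken.setCustomClaim(claim, event.authorization.roles);
  return claim;
}

// Post-login Action entry point (same signature as the code in the thread).
const onExecutePostLogin = async (event, api) => {
  if (addRoleClaims(event, api, NAMESPACE) === null) {
    console.log('roles claim not set: check namespace and event.authorization');
  }
};
if (typeof module !== 'undefined') module.exports = { onExecutePostLogin };

// Consumer side: read roles from an already-verified token payload.
function rolesFromClaims(payload, namespace) {
  const roles = payload[`${namespace}/roles`];
  return Array.isArray(roles) ? roles : [];
}

// Constructed mock of the Action `api` object, for running this offline.
function mockApi() {
  const token = () => {
    const claims = {};
    return { claims, setCustomClaim: (k, v) => { claims[k] = v; } };
  };
  return { idToken: token(), accessToken: token() };
}
```

`rolesFromClaims` expects the payload of a token whose signature, issuer and audience have already been validated; roles read from an unverified token should not drive authorization decisions.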
