Auth0 Home Blog Docs

Scope is not being respected


#1

Hi, am sending a request using a ruby script directly to: /oauth/token. The body looks like:

"{\"grant_type\":\"http://auth0.com/oauth/grant-type/password-realm\",

“username”: "qa_test@wakoopa.com",“password”: “123”,
“audience”: “https://my-tenant.eu.auth0.com/userinfo”,
“scope”: “openid app app_scope cli”,
“client_id”: “my-client-id”,
“client_secret”: “the-access-token”,
“realm”: “Username-Password-Authentication”,
“response_type”: “token id_token”}"

But at the response the Scope is not the one am sending, so that the id_token that am getting has not all the user information as I would expect:

"{\"access_token\":\"the-access-token\",\"id_token\":\"the-id-token\",\"scope\":\"openid profile email address phone\",\"expires_in\":86400,\"token_type\":\"Bearer\"}"

What is wrong? why am not getting a full token with the scope am trying to send?
PD: The scopes are well defined since it works good for our SPA login pages, but I need to do the same just scripting.