Scope is not being respected

systems1 · June 22, 2018, 8:18am

Hi, am sending a request using a ruby script directly to: /oauth/token. The body looks like:

"{\"grant_type\":\"http://auth0.com/oauth/grant-type/password-realm\",

"username": "qa_test@wakoopa.com","password": "123",
"audience": "https://my-tenant.eu.auth0.com/userinfo\“,
"scope": "openid app app_scope cli",
"client_id": "my-client-id",
"client_secret": "the-access-token",
"realm": "Username-Password-Authentication",
"response_type": "token id_token"}”

But at the response the Scope is not the one am sending, so that the id_token that am getting has not all the user information as I would expect:

"{\"access_token\":\"the-access-token\",\"id_token\":\"the-id-token\",\"scope\":\"openid profile email address phone\",\"expires_in\":86400,\"token_type\":\"Bearer\"}"

What is wrong? why am not getting a full token with the scope am trying to send?
PD: The scopes are well defined since it works good for our SPA login pages, but I need to do the same just scripting.

James.Morrison · December 27, 2018, 6:00pm

Hey @systems1

As it has been more than a few months since this topic was opened and there has been no reply or further information provided from the community as to the existence of the issue we would like to check if you are still facing the described challenge?

We are more than happy to assist in any way! If the issue is still out there please let us know so we can create a new thread for better visibility, otherwise we’ll close this one in week’s time.

Thank you!

James.Morrison · January 3, 2019, 3:00pm

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.