Scope not included in token call

Please include the following information in your post:

  • Which SDK this is regarding:

React JS Quick Start App

  • SDK Version:

“version”: “0.1.0”,

  • Platform Version:

React JS

  • Code Snippets/Error Messages/Supporting Details/Screenshots:

Is this a feature request or bug report?

Not a bug report.

I am using the quick start react app available at the above github link. About a year ago, I was able to repurpose it. That old app is still working fine, able to authenticate, authorize and also make calls to a custom API.

On the old app, I am getting all the scopes.

“scope”: “openid profile email read:profiledetails read:seeallquotes read:sitestats read:testperm1 read:testperm2”

Now, I have made a fresh copy of the react app using the quick start option, from the same auth dashboard as the old app. Updating the config file to match the old app config files. I get the following scopes

“scope”: “openid profile email”

Why am I not getting all the scopes as per the user login? Same user, on the old app, gets all the scopes. I believe, the new react app is not asking for all the scopes when it asks for token. But, I have updated all the scopes I need in the auth config.

Both apps - old and new - have the exact same auth file, and are linked to the same auth0 server, same custom api, same everything. I am also using the same user account for testing on both the apps.


“domain”: “”,

“clientId”: “removedonpurpose”,

“audience”: “removedonpurpose”,

“scope”: “read:current_user update:current_user_metadata read:capquotes read:penquotes read:profiledetails read:seeallquotes read:sitestats read:testperm1 read:testperm2”


Why is this happening?

What else should be included in the react app to make it ask for all the scopes?

Right after I posted this (and I ended up posting on stack overflow as well) I discovered that the latest version of the react quick start makes some changes.

especially the following.

// Please see

// for a full list of the available properties on the provider

// const config = getConfig();

// const providerConfig = {

//   domain: config.domain,

//   clientId: config.clientId,

//   ...(config.audience ? { audience: config.audience } : null),

//   redirectUri: window.location.origin,

//   onRedirectCallback,

// };

I missed this part. in the old app, the configuration was done differently. It looked something like this.









    <App />


with the settings read directly from JSON.

Anyway, I went back to the old way for now. The quick start tutorial still shows the old options which threw me off as I was using the tutorial as reference and did not discover that they made changes.

Not blaming the tutorial. I should have investigated in the beginning.

1 Like

No worries! We’ve all been there!

1 Like