Hi,
I’d like to point out that the documentation for PATCH
on the /api/v2/resource-servers/{id}
endpoint requires further clarification.
As I’ve experienced, and as pointed out in this topic:
…it is very easy to miss the fact that PATCH will replace/overwrite ALL of the Resource Server’s scopes/permissions.
I had to spend the entire day setting up what was lost due to a single API request, which I thought would append a single Permission to an existing API.
I believe the documentation should either warn about this behavior in large, bold font, or the API behavior should be changed to what some might consider the “expected behavior”.
If PATCH
’s behavior is as intended, maybe Auth0 should consider adding an API endpoint that only appends a permission/scope to an existing set of scopes for a certain API.
I find it a bit odd that I am required to first fetch all existing scopes, append my new scope to the list, and then issue a PATCH
request.
Am I alone here? Doesn’t this seem like the more common scenario?