Social Permissions in Auth0 vs Scope in Google OAuth consent Screen

What is the difference between setting social permissions in Auth0 vs the Google OAuth consent Screen? Do I need to set both? Auth0’s permissions seem to be less granular.

For example, I want to get permissions for …/auth/calendar.events in google but my only option in auth0 is Calendar which is a broader scope.

VS

What is the correct way to request these permissions?

From the screenshot you provided the scope settings on the Google side seem to be about which scopes Google itself will allow for the application to access. Within Auth0 it’s about the ones that will be requested when starting a login through Google so setting them in Auth0 only means they are included in the request, but that by itself does not imply they will be given.

In relation to the situation where the available options in the connection settings are not granular enough or don’t include a relatively recent scope you can always consider the possibility listed at (https://auth0.com/docs/connections/adding-scopes-for-an-external-idp#2-pass-scopes-to-authorize-endpoint) which would give you more fine-grained control.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.