Problem statement

Applying the tenant’s configurations through the Auth0 Terraform provider generates the following error in the tenant log:

{
"date": "2024-01-28T16:09:29.581Z",
"type": "feccft",
"description": "ReferenceError on credentials-exchange: scope is not defined",
"connection_id": "",
"client_id": "xxxxxxx",
"client_name": "Terraform Auth0 Provider",
"ip": "xxxxxxx",
"user_agent": "xxxxxxx",
"details": {
"actions": {
"executions": ["xxxxxxx"]
}
},
"hostname": "[xxxxxxxauth0.com](http://xxxxxxxauth0.com/)",
"user_id": "",
"user_name": "",
"audience": "[xxxxxxx.auth0.com/api/v2/"](http://xxxxxxx.auth0.com/api/v2/)",
"scope": null,
"log_id": "xxxxxxx",
"_id": "xxxxxxx",
"isMobile": false,
"id": "xxxxxxx"
}

This article clarifies why this error appears and how to resolve it.

Troubleshooting

1. Tenant Logs - Check logs with the following conditions:

“type”: “feccft”,

“description”: “ReferenceError on credentials-exchange: scope is not defined”

2. Tenant Logs - Check if there are any errors in Actions
3. Read Actions Scripts

Cause

If there are errors in Actions, the issue would be triggered by the Actions that intercept the M2M calls.

Solution

Please try the following:

1. Detach the Action from the Machine to Machine flow, apply configurations by Auth0 Terraform Provider, and observe the log.
2. Attach the Action to the Machine-to-Machine flow, specify scopes in the resource, apply configurations by Auth0 Terraform Provider, and observe the log.

Related References:

• Granting API Access to Applications with Terraform
• Resource: auth0_client_grant