Auth0 Home Blog Docs

Trobles with getting APIs scopes

scopes
authorization

#1

I’m using Auth0 for my application and authentication works fine. But when I tried to implement authorization I got issue. I’m following Angular 2+ tutorial and have such auth.service now https://gist.github.com/Sergeytroinin/8e32d810d4d734fb80dbd4a7db57d04d

The issue is - missing APIs scopes in the response. I’m asking “openid read:company” but getting only “openid” in the authResult. If I add profile to request - I’ll get it back, but APIs scopes don’t work. The “read:company” scope exists.

I’ve already tried following tutorial step-by-step and using code from examples repo. But it still broken. What am I missing? Thanks in advance.


#2

I could not reproduce the issue, although I did not test it with Angular I performed what I think to be the equivalent Auth0.js request using a different SPA framework. In my test the access token issued contained the API scope I initially requested.

For easier troubleshooting you may want to update the question with the actual request being made by the browser to the /authorize endpoint (you can redact client identifier and redirect URL’s if you prefer) so that it’s possible to confirm that I’m really performing an equivalent request.

In addition, you can also clarify what would you exactly meant by not getting the scope in the authResult object.


#3

Thanks for your response. Let me clarify some details.

I’m using Auth0 hosted login page. So technically I’m not making request, but going to the my Auth0 domain and passing all the params to query string like

    login?
client=my_client_id
&protocol=oauth2
&redirect_uri=my_redirect_url
&response_type=token%20id_token
&scope=openid%20profile%20email%20read%3Atest
&audience=my_audience_url
&nonce=sample_data
&auth0Client=sample_data

As you can see, I’m passing scopes, that I want to get in the query param. Then I’m redirecting to my callback url and getting response in the hash params. Like this

callback#
access_token=access_token
&scope=openid%20profile%20email&expires_in=7200
&token_type=Bearer
&state=my_state
&id_token=id_token

JS library just parse it and provide me with ready to use result.

accessToken: access_token
appStatus: null
expiresIn: 7200
idToken:id_token
idTokenPayload:{
    nickname: "test15",
    name: "test15@test.com",
    picture: "https://s.gravatar.com/avatar/86191366051237303b9e…&d=https%3A%2F%2Fcdn.auth0.com%2Favatars%2Fte.png",
    updated_at: "2017-11-15T08:54:12.242Z", 
   email: "test15@test.com", 
   …
}
refreshToken:null
scope:"openid profile email"
state: my_state
tokenType:"Bearer"

And scopes are different from those I requested.

In the dashboard I’ve created new API and added read:test scope there. And I’m a bit confused now. I’ve been doublechecking all the setting in both app and dashboard and according to the docs it has to work. But it doesn’t. So I hope that somebody could show me the right direction. Thanks.


#4