Updating Application Scopes via API

Hi everyone,

I am currently involved in the implementation of the Auth0 CLI. So far so good: application created, CLI exported, CI/CD pipeline implemented, and it successfully imports the CLI for the tenant(s).

However, there is something else I would like to add: the chance to modify the application scopes from the same CLI.

We are nearly finished with the project but I don’t know what is going to happen in the future. Because of that I want to give the developers the chance to add or remove scopes from the application; doing this will also help the company track the changes in the repository (imagine someone changes it manually on the website, a few things start failing and well… the last thing you would think about is that).

So I came up with a plan: what if I create a management-application with the sole purpose of changing the scopes for other applications?

I do not want to do this through the CLI for this new application as that would force me (minimum) to have a second yaml and 1 extra config file per environment. (This would be my plan B)

I thought I could just add an extra step to the pipeline to run a script that retrieves a token from that management-application and then sends an API request to modify the scopes of the main application. But I have been testing it in Postman and well… It doesn’t like it:

  • PATCH: https:///api/v2/clients/
  • Headers:
    – content-type: application/json
    – cache-control: no cache
  • Token: Bearer
  • Body: raw/json
{ 
    "scopes": [
        "read:client_grants",
        "create:client_grants",
        "update:client_grants",
        "read:client_keys",
        "update:client_keys",
        "read:rules",
        "update:rules",
        "delete:rules",
        "create:rules",
        "read:actions",
        "update:actions",
        "delete:actions",
        "create:actions",
        "read:tenant_settings",
        "update:tenant_settings",
        "read:custom_domains",
        "update:custom_domains",
        "read:email_templates",
        "create:email_templates",
        "update:email_templates",
        "read:mfa_policies",
        "update:mfa_policies",
        "read:prompts",
        "update:prompts",
        "read:branding",
        "update:branding"
    ]
}
  • Response:
{
    "statusCode": 400,
    "error": "Bad Request",
    "message": "Payload validation error: 'Additional properties not allowed: scopes'.",
    "errorCode": "invalid_body"
}

I tried other bodies, grant_type, permissions, and many other things and… I really don’t know what else to do. There is no documentation at all regarding this, or at least none I could find. Any suggestions?

Thanks,

Jesus.

Hi @jesusperezmarin,

Welcome to the Auth0 Community!

I understand that you are trying to update your API Scopes with the Management API.

When looking at your request, it appears that you are calling the Management API Update a client endpoint with a list of scopes intended for the Management API.

However, it is not possible to change the scopes on the Auth0 Management API found on your Dashboard. Moreover, creating a separate “management-application” API will not provide correct access to the Management API.

With that said, if you intend to update the scopes on a custom API, please call the Management API Update a resource server endpoint.

Using the Auth0 Deploy CLI should not require you to create a second YAML and config.json file per environment because there is the option to specify the new API (resourceServer) directly in your YAML file, and it will import accordingly. Additionally, making changes to your YAML file and pushing them to your repository should help you track any changes.

I hope this helps!

Please let me know if there’s anything else I can do to help.

Thank you.
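An added example, not part of the original thread and not Auth0's own code: a pipeline-step sketch of the call the answer points to, PATCH on /api/v2/resource-servers/{id}, where each scope is an object with a `value` rather than a bare string, and the token comes from a client-credentials request with the Management API as audience. The tenant domain, API id and function names are constructed placeholders. The machine-to-machine client behind the token should need only the `update:resource_servers` permission instead of the broad list in the question.

```python
import json
import urllib.parse
import urllib.request

# Constructed placeholders, not values from the thread.
TENANT_DOMAIN = "example-tenant.example.com"
API_ID = "RESOURCE_SERVER_ID_PLACEHOLDER"


def token_request(domain, client_id, client_secret):
    """Client-credentials request for a Management API token (POST /oauth/token)."""
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"https://{domain}/api/v2/",
    }
    return urllib.request.Request(
        f"https://{domain}/oauth/token",
        data=json.dumps(body).encode(),
        headers={"content-type": "application/json"},
        method="POST",
    )


def scope_diff(current, desired):
    """Return (added, removed) scope values so the pipeline log records the change."""
    cur = {s["value"] for s in current}
    new = {s["value"] for s in desired}
    return sorted(new - cur), sorted(cur - new)


def update_scopes_request(domain, api_id, token, desired):
    """PATCH /api/v2/resource-servers/{id}; scopes are objects, not bare strings."""
    for s in desired:
        if not isinstance(s, dict) or not s.get("value"):
            raise ValueError(f"scope must be an object with a 'value': {s!r}")
    url = f"https://{domain}/api/v2/resource-servers/{urllib.parse.quote(api_id, safe='')}"
    return urllib.request.Request(
        url,
        data=json.dumps({"scopes": desired}).encode(),
        headers={"content-type": "application/json", "authorization": f"Bearer {token}"},
        method="PATCH",
    )


def send(request):
    """Send a prepared request and decode the JSON response (needs network access)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)
```

In a pipeline, the client secret would come from the CI secret store, and the output of `scope_diff` can be logged before `send` is called so every scope change is visible in the job history.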