Out of nowhere we started to receive “User is not authorized to the audience for those scopes” errors 5 hours ago. Nothing was changed in our infrastructure recently. Has somebody similar issue or any idea how to debug this?
We released a fix for this early this morning. You should no longer experience this problem. See here for more details.
Hi,
When signing up a new user, or loggin in as an existing user, we are receiving a 400 with the following error body:
{“error”:“invalid_scope”,“error_description”:“User is not authorized to the audience for those scopes”}.
This was previously working without issue until this was brought to my attention this morning.
When we include only the openid scope, we get a 200, as expected. I should add, the 400 is only returned when the user_metadata or app_metadata scopes are sent.
Any help/information would be greatly appreciated.
Thanks @tobias.jone for reporting that!
I’ll investigate it and get back to you with what I found. Were you able to reproduce it again, I mean is the issue still occuring?
Thank you!
Hi Konrad,
Luckily for our use case, we only need the openid scope for our application to function correctly - we simply removed the user_metadata scope, which consequently fixed the bug in our application.
That said, we could certainly see if the issue is still occurring when the user_metadata or app_metadata scopes are included, if that would help?
Thanks!
Tobias