Hello Auth0 Community!
I am using Auth0 as an IdP (let's call it app1) for my application and I am also using Auth0 as the authorization server (let's call it app2). I created an OIDC enterprise connection to sync users between the two tenants, which is already working to some extent. Although my issue is that the permissions/scopes are not synced from the IdP to the authorization server.
So the flow is as follows:
When I open my application, the authorize endpoint is called with the client_id for app2 and the name of the enterprise connection I created. This is redirected to the authorize endpoint of app1, then I can log in with the user from the tenant of app1, and the user gets created in the tenant of app2, but it has zero permissions or scopes. The JWT token contains only the openid and profile scopes, although I specified multiple custom ones on the connection in the Auth0 portal as well as on the authorize endpoint with the scope parameter.
Could you maybe help me out with what I am missing?
I tried to specify the connection_scope parameter on the authorize endpoint as well, but it ended up returning an error saying "id_token not present in tokenset". I am using response_type=code on the authorize calls, and I also tried changing it to id_token, but with no luck; I got the same response.
Thank you very much in advance!
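As an added diagnostic example (not code from the post or from Auth0), the script below builds the /authorize URL for the federated flow described above, separating the `scope` parameter (what the application asks app2 to issue) from `connection_scope` (what app2 forwards to the upstream IdP app1), and then compares the scopes requested against the `scope` claim of a returned access token. The tenant domain, client_id, connection name, redirect URI, custom scope names and the sample token are constructed placeholders; the token is decoded only to inspect claims and is not signature-verified.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholders; real values come from the app2 tenant settings.
AUTH_SERVER = "https://app2-tenant.example.auth0.com"  # hypothetical app2 domain
CLIENT_ID = "APP2_CLIENT_ID_PLACEHOLDER"
CONNECTION = "app1-oidc"  # hypothetical enterprise connection name


def build_authorize_url(scope, connection_scope=None, audience=None):
    """Build the app2 /authorize URL that federates to app1 via the OIDC connection.

    `scope` is what the application asks app2 to put in its tokens;
    `connection_scope` is what app2 forwards to the upstream IdP (app1).
    """
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": "https://app.example/callback",  # placeholder
        "connection": CONNECTION,
        "scope": " ".join(scope),
    }
    if connection_scope:
        params["connection_scope"] = " ".join(connection_scope)
    if audience:
        params["audience"] = audience  # API identifier that the access token is for
    return f"{AUTH_SERVER}/authorize?{urlencode(params)}"


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def missing_scopes(jwt, requested):
    """Return the requested scopes absent from the token's `scope` claim.

    Claims are inspected only; the signature is NOT verified here. Verify the
    token against the tenant JWKS before trusting any claim in real code.
    """
    payload = json.loads(_b64url_decode(jwt.split(".")[1]))
    granted = set(payload.get("scope", "").split())
    return sorted(set(requested) - granted)


# Constructed, unsigned sample token reproducing the observation in the post:
# only "openid profile" came back although custom scopes were requested.
_header = base64.urlsafe_b64encode(b'{"alg":"none"}').rstrip(b"=").decode()
_claims = json.dumps({"sub": "auth0|123", "scope": "openid profile"}).encode()
SAMPLE_TOKEN = f"{_header}.{base64.urlsafe_b64encode(_claims).rstrip(b'=').decode()}."

if __name__ == "__main__":
    requested = ["openid", "profile", "read:orders", "write:orders"]
    print(build_authorize_url(requested, connection_scope=["openid", "profile", "email"]))
    print("not granted:", missing_scopes(SAMPLE_TOKEN, requested))
```

Running the script prints the constructed URL and `['read:orders', 'write:orders']`, the custom scopes the sample token lacks.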