Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DXCDT-294: Add all management API scopes #538

Merged
merged 1 commit into from
Dec 5, 2022

Conversation

willvedd
Copy link
Contributor

@willvedd willvedd commented Dec 1, 2022

🔧 Changes

Previously, only required scopes were requested during device flow authentication, which was a sensible decision given that the capabilities of the CLI were finite. However, now that the api command exists (docs), the Auth0 CLI now technically has the capability to execute any Auth0 Management API request. Because of this, we need to request all scopes during authentication.

Otherwise, requests made to endpoints that lack sufficient scope will be greeted with an error.

Example:

$ auth0 api get "/grants"
{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope, expected any of: read:grants",
  "errorCode": "insufficient_scope"
}%

While this seems like a possible over-provisioning of scopes, the precedent has already been set that all Auth0 CLI capabilities have the correlating scopes requested. This change is an acknowledgement that the Auth0 CLI has complete feature parity with the Management API now.

Perhaps in the future we will evaluate a mechanism for the user to specify the scopes that they want to grant, but that is way out the scope of this ticket.

This will also mean that as the Management API expands the available scopes due to expansion, the Auth0 CLI will also need to update this lists of scopes to enable those features to be used in this tool via the api command.

📚 References

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@willvedd willvedd requested a review from a team as a code owner December 1, 2022 22:29
@willvedd willvedd marked this pull request as draft December 1, 2022 22:37
@willvedd willvedd requested a review from evansims December 2, 2022 16:23
@sergiught sergiught force-pushed the DXCDT-294-add-missing-scopes-for-api-command branch from 074ee05 to 992fb59 Compare December 5, 2022 11:41
@sergiught sergiught force-pushed the DXCDT-294-add-missing-scopes-for-api-command branch from 992fb59 to b7fda91 Compare December 5, 2022 11:53
@sergiught sergiught marked this pull request as ready for review December 5, 2022 15:20
@sergiught sergiught changed the title DXCDT-294: Adding all management API scopes DXCDT-294: Add all management API scopes Dec 5, 2022
@sergiught sergiught merged commit 42a703d into main Dec 5, 2022
@sergiught sergiught deleted the DXCDT-294-add-missing-scopes-for-api-command branch December 5, 2022 15:22
@sergiught
Copy link
Contributor

We decided to add all the required API scopes right now and defer the ability to pass in any extra needed scopes through the login command for v1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants