请求 Auth0-Authorization 扩展中的组列表但返回 403: 范围不足错误

Question

我已Authorization在我的 Auth0 帐户中安装了该扩展程序，因此授权功能可以完美运行，但现在我想访问我在该授权扩展程序中创建的所有组。因此，我遵循了授权文档，但是当我使用为其生成的令牌时，它会403: Insufficient scope在响应中抛出错误。

这些是我经历过的步骤：

1.请求令牌：

 curl -X POST \
  https://my_domain.auth0.com/oauth/token \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{
    "client_id":"auth0-authorization-extension-api-client-id",
    "client_secret":"auth0-authorization-extension-api-secret",
    "audience":"urn:auth0-authz-api",
    "grant_type":"client_credentials"
}'

回复：

{"access_token":"encoded_access_token","expires_in":86400,"token_type":"Bearer"}

2.请求组列表：

 curl -X GET \
  https://domain.us.webtask.io/some_hash/api/groups \
  -H 'authorization: Bearer access_token'

回复：

{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope"
}

Answer 1

希望这对您来说仍然不是问题，但如果是：

1. Go to your Auth0 dashboard
2. Click on APIs
3. You should have an API called auth0-authorization-extension-api
4. Select Non-interactive clients tab
5. Select the client you want to give access to and change toggle to Authorized
6. There's a drop down arrow beside the authorized toggle, click that and under scopes give access to read:groups. You may need read:users too.

Hope that helps, thanks

Kevin