Description
I saw your presentation at ng-conf on Authentication & Authorization. In the presentation, your slides clearly show the email from the profile page working; however, when I use your demo from (step 5) or a stripped-down Angular app based on https://auth0.com/docs/libraries/auth0-angular-spa (which has several mistakes in the code examples), I don't get the email address back in the user$ response.
I see the correct scopes being requested in the app's redirect to Auth0, but the response (on my stripped-down version) returns:
```
&redirect_uri=http%3A%2F%2Flocalhost%3A4200
&scope=openid%20profile%20email
&response_type=code
&response_mode=query
&nonce=
```
I have tried this with both user-password and google authentication with the same result.
After the redirect back to the application I see the following:
```
auth0-spa-js.production.esm.js:15 The requested scopes (openid profile email) are different from the scopes of the retrieved token (openid profile read:messages). This could mean that your access token may not include all the scopes that you expect. It is advised to resolve this by either:
- Removing `email` from the scope when requesting a new token.
- Ensuring `email` is returned as part of the requested token's scopes.
```
And no email returned in the user's object:
```json
{
  "given_name": "Given",
  "family_name": "Family",
  "nickname": "my.nickname",
  "name": "My Name",
  "picture": "https://lh3.googleusercontent.com/.../photo.jpg",
  "locale": "en",
  "updated_at": "2021-01-15T19:46:02.364Z",
  "sub": "google-oauth2|uuid3"
}
```
Idk where read:messages is coming from, per the warning.
I have attempted to set the options on the AuthModule.forRoot() to change the default scopes with no luck. Any ideas?
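
A diagnostic for the mismatch reported above, added here as an example; it is not code from the original post or from auth0-spa-js. It diffs the requested and granted scope strings and lists which standard claims (per the scope-to-claim mapping in OpenID Connect Core 1.0, section 5.4) are absent from the user object as a result. The function name `explainScopeMismatch` is hypothetical, and the sample input is copied from the report.

```javascript
// Added diagnostic sketch: not part of auth0-spa-js or the original report.
// Scope-to-claim mapping as defined in OpenID Connect Core 1.0, section 5.4.
const SCOPE_CLAIMS = {
  profile: ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
    'preferred_username', 'profile', 'picture', 'website', 'gender',
    'birthdate', 'zoneinfo', 'locale', 'updated_at'],
  email: ['email', 'email_verified'],
  address: ['address'],
  phone: ['phone_number', 'phone_number_verified'],
};

// Split a space-delimited scope string into a Set, tolerating empty input.
const parseScopes = (s) => new Set(String(s || '').split(/\s+/).filter(Boolean));

// Hypothetical helper: compare requested vs. granted scopes and report which
// standard claims tied to the missing scopes are absent from the user object.
function explainScopeMismatch(requested, granted, user) {
  const req = parseScopes(requested);
  const got = parseScopes(granted);
  const missing = [...req].filter((s) => !got.has(s));
  const unexpected = [...got].filter((s) => !req.has(s));
  const absentClaims = missing
    .flatMap((s) => SCOPE_CLAIMS[s] || [])
    .filter((c) => !(c in user));
  return { missing, unexpected, absentClaims };
}

// Scope strings and user object copied from the report above.
const report = explainScopeMismatch(
  'openid profile email',
  'openid profile read:messages',
  { given_name: 'Given', family_name: 'Family', nickname: 'my.nickname',
    name: 'My Name', locale: 'en', updated_at: '2021-01-15T19:46:02.364Z',
    sub: 'google-oauth2|uuid3' },
);
console.log(report);
```

A non-empty `unexpected` list means the token carries a scope the client never asked for, which is worth tracing on the authorization-server side before changing the client's requested scopes.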