Error: Authorization Error: invalid_scope: Custom scopes are not allowed for this request

Question

Error: Authorization Error: invalid_scope: Custom scopes are not allowed for this request

Fridus opened this issue 2 years ago · 1 comments

Describe the bug?

I need to add a custom scope

createConfig({
          issuer: "...",
          clientId: "...",
          redirectUri: "...:/callback",
          endSessionRedirectUri: "...:/",
          discoveryUri: "...",
          scopes: ["openid", "profile", "offline_access", "user:delete"],
})

What is expected to happen?

Use an additional scope for accessToken

What is the actual behavior?

Error:

Error: Authorization Error: invalid_scope: Custom scopes are not allowed for this request.

Reproduction Steps?

Create config with a custom scope

Additional Information?

No response

SDK Version

@okta/okta-react-native 2.4.0
OktaOidc (3.11.0)

Build Information

xcode 13.4.1 (13F100)

Answer 1 · 2022-08-08T14:57:18.000Z

The issue was the discoveryUrl which was discoveryUri: "https://{yourOktaDomain}", like it's described in the readme.
The authorize uri was https://{yourOktaDomain}/oauth2/v1/authorize?nonce=xx&response_type=code&code_challenge_method=S256&scope=openid%20profile%20user:delete&code_challenge=xx&redirect_uri=xx:/callback&client_id=xx&state=xx

But we were able to get things working with discoveryUri: "https://{yourOktaDomain}/oauth2/default". In that case, the authorize uri become https://{yourOktaDomain}/oauth2/default/v1/authorize?.... and we are able to get an accessToken with this custom scope.

I don't known if it's related to our client, which seems to make some sorcery and custom things with Okta...
This issue could be close.