Auth0 - 爲什麼範圍不足以及如何處理？

Question

我正在嘗試使用Auth0進行身份驗證並獲取用戶數據。

import json 
import requests 

payload = { 
    'grant_type': 'password', 
    'username': '********', 
    'password': '********', 
    'client_id': '********', 
    'connection': 'Username-Password-Authentication', 
    'scope': 'openid' 
    # 'scope': 'openid, read:clients, read:client_keys' 
    # 'scope': 'read:clients' 
} 
base = 'https://********.auth0.com' 

url = base + '/oauth/ro' 
response = requests.post(url, data=payload) 
response = json.loads(response.content) 

headers = {"Authorization": "bearer " + response["id_token"]} 
response = requests.get(base + '/api/v2/clients/joebloggs', headers=headers).json() 

print response 

我不斷收到什麼是

{u'errorCode': u'insufficient_scope', u'message': u'Insufficient scope, expected any of: read:clients,read:client_keys', u'error': u'Forbidden', u'statusCode': 403} 

究竟什麼是錯誤的，該怎麼辦呢？

Answer 1

您不能使用id_token作爲Auth0 API。您需要API（v2）的特定標記（在您的情況下，您需要read:client範圍）。看到這裏：https://auth0.com/docs/api/management/v2