Access to client grants

[iegby]

Checklist

• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

My organization has a large number of applications and APIs. I often want to find out which applications are able to use specific scopes.

With the Auth0 CLI, I can already list:

• all applications
• all APIs
• scopes permitted for each API

But I can't list the client grants, not the full list nor filtered by either client_id or audience. I would like to be able to list all client grants. I am content to filter the result for the client or audience I am interested in, so do not require any filtering flags.

Describe the ideal solution

For example, I would write:

auth0 grants list -n 999 --format json

This would return the information seen in a response to GET https://manage.auth0.com/api/client-grants?page=0&per_page=100&include_totals=false (plus later pages).

I have a large number of client-grants, hence -n 999 and the JSON format is easy to manipulate, hence --format json.

The word grants has other meanings, so you may wish to choose a different name for the command.

Alternatives and current workarounds

At the moment, I open up each API in turn through the dashboard, which takes a long time.

Additional context

No response

[sergiught]

Hey @iegby 👋🏻 ,

We recently added a new command 🧰 auth0 api <method> <url-path> [flags] that is able to make authenticated requests against the management API (https://auth0.com/docs/api/management/v2).

This command is available with https://github.com/auth0/auth0-cli/releases/tag/v0.13.0.

📖 Docs for this command: https://auth0.github.io/auth0-cli/auth0_api.html

Although it doesn't offer first class support for managing client grants, you could use it as an alternative until we have a more dedicated command for this.

Feedback is much appreciate for this new command 🙏🏻 Let us know if you encounter any issues with it.

We'll keep this issue open however until we are able to add a dedicated first class command to manage client grants.

Thanks for your patience! ❤️

[iegby]

That new command is a versatile tool, and I'd be pretty happy to use it. In this case, however, auth0.exe lacks the necessary scope:

❯ auth0 api get client-grants
{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope, expected any of: read:client_grants",
  "errorCode": "insufficient_scope"
}

The required scopes appear to be listed in auth0.go, but I haven't yet tried building auth0.exe myself.

[sergiught]

Hey @iegby 👋🏻 thanks for the feedback and trying the new command out! 🙌🏻 That's something we missed for the device code flow (when you authenticate as a user), allowing the user to request additional scopes. It will however work if you use the client credentials flow (when you authenticate as a machine). We'll patch the device code flow as well next week tho, stay tuned! 🙇🏻

[sergiught]

Hey @iegby, we just released https://github.com/auth0/auth0-cli/releases/tag/v0.13.1. Mind giving that a try? 🙏🏻

[iegby]

Yes, that works a treat, and without me specifying additional required scopes. This is enough for me to script my workflow. Thank you!