Go to Dashboard > Auth0 Pipeline > Rules. You can set up Rules for a number of different purposes, from user management to enriching user profiles. If you need to deny a user access to your API, you can create Roles with assigned scopes, then create a rule to remove scopes from the :
{function (user, context, callback) { var permissions = user.permissions || []; var requestedScopes = context.request.body.scope || context.request.query.scope; var filteredScopes = requestedScopes.split(' ').filter( function(x) { return x.indexOf(':') < 0; }); var allScopes = filteredScopes.concat(permissions); context.accessToken.scope = allScopes.join(' '); callback(null, user, context);}
