DXCDT-294: Add all management API scopes

[willvedd]

🔧 Changes

Previously, only required scopes were requested during device flow authentication, which was a sensible decision given that the capabilities of the CLI were finite. However, now that the api command exists (docs), the Auth0 CLI now technically has the capability to execute any Auth0 Management API request. Because of this, we need to request all scopes during authentication.

Otherwise, requests made to endpoints that lack sufficient scope will be greeted with an error.

Example:

$ auth0 api get "/grants"
{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "Insufficient scope, expected any of: read:grants",
  "errorCode": "insufficient_scope"
}%

While this seems like a possible over-provisioning of scopes, the precedent has already been set that all Auth0 CLI capabilities have the correlating scopes requested. This change is an acknowledgement that the Auth0 CLI has complete feature parity with the Management API now.

Perhaps in the future we will evaluate a mechanism for the user to specify the scopes that they want to grant, but that is way out the scope of this ticket.

This will also mean that as the Management API expands the available scopes due to expansion, the Auth0 CLI will also need to update this lists of scopes to enable those features to be used in this tool via the api command.

📚 References

• Original api command PR: DXCDT-264: Add api command #531
• Management API docs

📝 Checklist

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

[sergiught]

We decided to add all the required API scopes right now and defer the ability to pass in any extra needed scopes through the login command for v1.