OpenID scope returns error

When I add the OpenID scope (as per docs) I get an error when trying to authorize.

{
    "message": "The OPENID or Legal entitities scopes are not supported for this application",
    "type": "bad_request"
}

How do I get this to work? I would like to be able to uniquely identify the user; without the ID Token, all we get back is the merchant ID.

Hey @kylem, welcome to the forums!

This is a legacy scope that I don’t believe is supported with current applications. Could you explain what you’re trying to do exactly? The OAuth API is meant for generating an access token for a specific Square merchant account, not a specific user.

So I’ve essentially built a ‘login with Square’ integration so merchants can log in to the backend of my application with their Square account. Given the info I get back at the moment, when I create a ‘user’ on my end, my only option really is to use the merchant ID as the unique ID. This means that any Square account related to that merchant will log in as the same ‘user’ on my system.

Ideally I’d like to have individual accounts for each of the Square users and then relate them to their merchant ID. This would require a unique user ID in the JWT/a user API I can access. It would also be great to get back their name and any other info Square has on them to set up their account.

I’m not sure what you mean by “any square account related to that merchant…”. Currently, only the owner of the Square account can authorize your application (not any other employees), so even if we did return the user, it would always be the owner (which you can find in the Employees API). OAuth isn’t really meant to be used to replace the login process, it’s simply so the merchant can say they approve your application to have access to their account, and in return, your application can do API calls on their behalf.

Ah, I see. Maybe that was a misunderstanding on my part; I figured merchants could have multiple logins to their dashboard (say, for example, there were different managers at different locations). So there is only one Square account that can log in to a single merchant ID?

No, any number of employees can log in to the same merchant account, but again the OAuth knows nothing about logged-in states. Only the owner has permissions to accept the OAuth authorization; no other employee can accept it (they would receive an error about being access denied or something). If you need the list of employees for a given Square merchant account, you should take a look at the Employees API, which will return all of those.