Tool doesn't respect scopes set for designated application
Please do not report security vulnerabilities here. The Responsible Disclosure Program details the procedure for disclosing security issues.
Thank you in advance for helping us to improve this library! Please read through the template below and answer all relevant questions. Your additional work here is greatly appreciated and will help us respond as quickly as possible. For general support or usage questions, use the Auth0 Community or Auth0 Support. Finally, to avoid duplicates, please search existing Issues before submitting one here.
By submitting an Issue to this repository, you agree to the terms within the Auth0 Code of Conduct.
Description
Provide a clear and concise description of the issue, including what you expected to happen.
With the release of 7.9.0, #495 introduced breaking behaviour for us. We only deploy Hooks, Actions and Rules (including bindings, config, etc.), and the client for the Management API has only these rights:
read:rules
update:rules
create:rules
read:rules_configs
update:rules_configs
read:hooks
update:hooks
create:hooks
read:actions
update:actions
create:actions
That worked fine until now. We currently see the following error in our pipeline:
[...]
2022-04-21T09:54:06.339Z - error: Problem running command import during stage processChanges when processing type logStreams
2022-04-21T09:54:06.339Z - error: Insufficient scope, expected any of: read:log_streams
2022-04-21T09:54:06.340Z - debug: Forbidden: Insufficient scope, expected any of: read:log_streams
at /usr/local/lib/node_modules/auth0-deploy-cli/node_modules/rest-facade/src/Client.js:402:25
at Request.callback (/usr/local/lib/node_modules/auth0-deploy-cli/node_modules/superagent/lib/node/index.js:905:3)
at /usr/local/lib/node_modules/auth0-deploy-cli/node_modules/superagent/lib/node/index.js:1126:20
at IncomingMessage.<anonymous> (/usr/local/lib/node_modules/auth0-deploy-cli/node_modules/superagent/lib/node/parsers/json.js:22:7)
at Stream.emit (node:events:526:28)
at Stream.emit (node:domain:475:12)
at Unzip.<anonymous> (/usr/local/lib/node_modules/auth0-deploy-cli/node_modules/superagent/lib/node/unzip.js:53:12)
at Unzip.emit (node:events:526:28)
at Unzip.emit (node:domain:475:12)
at endReadableNT (node:internal/streams/readable:1345:12)
We have nothing configured with streams and have set "AUTH0_ALLOW_DELETE": false.
Reproduction
Detail the steps taken to reproduce this error, what was expected, and whether this issue can be reproduced consistently or if it is intermittent.
Where applicable, please include:
- Code sample to reproduce the issue
- Log files (redact/remove sensitive information)
- Application settings (redact/remove sensitive information)
- Screenshots
You should be able to reproduce it with any client that does not have the right to read streams, and with no stream-related config set in the tenant yaml.
Environment
Please provide the following:
- Version of this library used:
- Version of the platform or framework used, if applicable:
- Other relevant versions (language, server software, OS, browser):
- Other modules/plugins/libraries that might be involved:
Problem occurred with 7.9.0
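The failure above is a least-privilege gap: the deploy client holds only the scopes for the resource types it manages, and the tool asks the Management API for a scope it was never granted. As an added example (not code from auth0-deploy-cli or the issue author), the script below parses deploy-cli log lines of the form quoted in the issue and reports, per resource type, which demanded scopes the client lacks, so an operator can add exactly the missing scope instead of widening the client blindly. The log lines and scope list are constructed from what the issue shows; the function names are assumptions.

```javascript
// Added example: attribute "Insufficient scope" errors in auth0-deploy-cli
// output to the resource type being processed and diff them against the
// scopes the Management API client actually holds.

// Scopes granted to the deploy client, as listed in the issue.
const GRANTED_SCOPES = [
  'read:rules', 'update:rules', 'create:rules',
  'read:rules_configs', 'update:rules_configs',
  'read:hooks', 'update:hooks', 'create:hooks',
  'read:actions', 'update:actions', 'create:actions',
];

// Constructed sample: the pipeline lines quoted in the issue.
const SAMPLE_LOG = [
  '2022-04-21T09:54:06.339Z - error: Problem running command import during stage processChanges when processing type logStreams',
  '2022-04-21T09:54:06.339Z - error: Insufficient scope, expected any of: read:log_streams',
  '2022-04-21T09:54:06.340Z - debug: Forbidden: Insufficient scope, expected any of: read:log_streams',
];

// "processing type X" names the resource type the tool was handling.
const TYPE_RE = /when processing type (\w+)/;
// The API may list several alternatives after "expected any of:".
const SCOPE_RE = /Insufficient scope, expected any of: ([\w:]+(?:,\s*[\w:]+)*)/;

// Returns { resourceType: [missing scopes...] }. Scope errors are attributed
// to the most recent "processing type" line; duplicate debug/error lines for
// the same failure collapse into one entry. An empty object means no scope
// gap was found in the log.
function scopeGapsByType(logLines, granted) {
  const held = new Set(granted);
  const gaps = {};
  let currentType = 'unknown';
  for (const line of logLines) {
    const typeMatch = TYPE_RE.exec(line);
    if (typeMatch) { currentType = typeMatch[1]; continue; }
    const scopeMatch = SCOPE_RE.exec(line);
    if (!scopeMatch) continue;
    for (const scope of scopeMatch[1].split(',').map((s) => s.trim())) {
      if (held.has(scope)) continue;
      if (!gaps[currentType]) gaps[currentType] = new Set();
      gaps[currentType].add(scope);
    }
  }
  return Object.fromEntries(
    Object.entries(gaps).map(([type, set]) => [type, [...set].sort()]),
  );
}

console.log(JSON.stringify(scopeGapsByType(SAMPLE_LOG, GRANTED_SCOPES)));
```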
Issue Analytics
- Created a year ago
- Comments: 8 (3 by maintainers)
@willvedd thank you! I just deployed our code without the logStreams:read grant, it worked!
Many thanks for the adaptations and effort!
@willvedd so what is the best way to find out the needed permissions?