401 "Bad audience" when trying to access Management API

Hi everybody, I was trying to find an answer in previous questions, but it looks like there is no one recipe, so I’m asking here :-)

So what I need: I need to connect to the Management API to modify a user’s metadata.

What I’m doing:

  1. I’m creating a JWT:
    POST https://[tenant].auth0.com/oauth/token
    {
    "client_id": "ID",
    "client_secret": "SEC",
    "audience": "auth0.[domain].com",
    "grant_type": "client_credentials"
    }
    and got this response:
    {
    "access_token": "[access_token]",
    "scope": "read:clients",
    "expires_in": 86400,
    "token_type": "Bearer"
    }

  2. Trying to use this token to access:
    GET https://[tenant].auth0.com/api/v2/users
    and got this message:
    {
    "statusCode": 401,
    "error": "Unauthorized",
    "message": "Bad audience: auth0.[domain].com"
    }

So what am I doing wrong? Can anybody advise? Thanks in advance!

Hey @JetMatt, Welcome to the Auth0 Community!

The audience for the Management API in the “/oauth/token” request needs to be the Management API identifier.
On your dashboard, if you go to APIs -> Auth0 Management API, the API Audience is mentioned next to the name.

Do check and let me know how you go!

Regards,
Sid


Hi @sidharth.chaudhary - I see this name (auth0.mydomain.com), but I do not understand where I should use it.

I’m already using this name to get the token (https://*****.auth0.com/oauth/token)
{
"client_id": "",
"client_secret": "",
"audience": "auth0.mydomain.com",
"grant_type": "client_credentials"
}

And successfully get the JWT.

But this token doesn’t work with this request: GET https://*****.auth0.com/api/v2/users, it gives

{
"statusCode": 401,
"error": "Unauthorized",
"message": "Bad audience: auth0.mydomain.com"
}
I see that the audience from the response (auth0.mydomain.com) is different from the real one, auth0.mydomain.com.

I have no idea why. Please advise.

Hey, Sid, your suggestion didn’t help. Why did you mark your answer as the solution? Can you answer my question and help me get access to the API?

Hey @JetMatt, the Audience needs to be the API identifier, not the Auth0 domain (auth0.mydomain.com).

Please find the screenshot which shows the audience for the Management API. You will need to use the complete link as the API audience as shown, not just the domain.

Let me know how you go!

Regards,
Sid
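
The check discussed in this thread, as an added example that is not part of any post above and not Auth0's own code: it decodes a token's payload and compares its `aud` claim with the Management API identifier before the token is sent to `/api/v2/`. It assumes the identifier has the usual form `https://[tenant].auth0.com/api/v2/` (confirm against the API Audience value in the dashboard); the tenant name, the tokens and all function names are constructed for the demo.

```python
import base64
import json


def jwt_claims(token):
    """Decode the payload of a JWT without verifying its signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def management_audience(tenant_domain):
    """Assumed Management API identifier: the full URL, not the bare domain."""
    return "https://%s/api/v2/" % tenant_domain


def check_audience(token, tenant_domain):
    """Return (ok, message) saying whether the token was issued for the Management API."""
    expected = management_audience(tenant_domain)
    aud = jwt_claims(token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # "aud" may be a string or a list
    if expected in audiences:
        return True, "audience matches " + expected
    return False, "token audience is %r, Management API expects %r" % (aud, expected)


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real Auth0 token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample values; "example-tenant.auth0.com" is a placeholder tenant.
TENANT = "example-tenant.auth0.com"
bad = make_sample_token({"aud": "auth0.mydomain.com", "scope": "read:clients"})
good = make_sample_token({"aud": "https://example-tenant.auth0.com/api/v2/"})

if __name__ == "__main__":
    for name, tok in (("bad", bad), ("good", good)):
        print(name, check_audience(tok, TENANT))
```

The decode step skips signature verification on purpose, so it is only suitable for inspecting a token you just requested, never for deciding whether to trust one.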