When using Client Credentials to get bearer token works in Postman, but get 401 when calling from Node.js application or from front-end web application.
Are you using the same application (client id) in all those three requests? If not, you should check if the client_credentials grant type is enabled for all the applications in the dashboard, under the Advanced Settings of your application:
Otherwise, it could be that from postman you are sending the client secret in the request and since the other frontend applications are public facing, you cannot send the client secret. This will fail if the application you’re using in Auth0 has the Token Endpoint Authentication Method set to anything other than None ( Application Settings ), which is the only setting available for a SPA, since it is a public client.
You can read more about the SPA + API scenario here:
1 Like