401 on POST to custom API

Hi!

Stack: NextJS, custom Node/Express API with protected routes, Auth0 for authentication.

Flow is as follows:

  • Login to Auth0 from Next app
  • On successful login, call the Management API to get an auth token
  • Use auth token to access protected routes in Node/Express API

So using the token, I’m able to access protected routes on my API, but only when making a GET request. POST requests return a 401 Unauthorized error.

Does anyone have any thoughts on this?

Thanks!

Hi @itsm,

Welcome back to the Auth0 Community!

It’s possible that the issue with the POST requests returning a 401 unauthorized error is related to the way you are sending the authentication token in your requests. Here are a few things to check:

  1. Make sure that you are including the authentication token in the Authorization header of your POST requests. You should include the word “Bearer” followed by a space, then the token itself. For example:
     `Authorization: Bearer <access_token>`
  2. Check that the token you are using is valid and has the necessary scopes to access the protected routes. You can use a tool like jwt.io to decode the token and inspect its contents.

Hi @itsm :wave:

Ordinarily you should be able to obtain an Access Token for a (custom) API by specifying an audience parameter on either a call to the Auth0 `/authorize` endpoint, or when using one of the Auth0 SDKs; see here for further details.

The Access Token should be passed to the API as previously indicated, and the API should then validate both the audience and the scope for the operation requested :sunglasses:

1 Like
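
The checks the replies above describe (Bearer header, token validity, audience, scope per operation) are shown here as an added Node example; it is not code from this thread or from an Auth0 SDK. The audience URL, the scope names and the GET/POST mapping are assumptions, the key pair and tokens are constructed for the example, and a missing scope is answered with 403 as RFC 6750 specifies.

```javascript
const crypto = require('node:crypto');

// Assumed values for this sketch (not from the thread).
const API_AUDIENCE = 'https://api.example.test';
const REQUIRED_SCOPE = { GET: 'read:items', POST: 'write:items' };

const reply = (status, reason) => ({ status, reason });

// Decide how the API should answer, given the HTTP method, the raw
// Authorization header and the issuer's public signing key.
function checkRequest(method, authorization, publicKey) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || '');
  if (!m) return reply(401, 'missing or malformed Bearer token');
  const [, head, body, sig] = m;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (!header || !claims) throw new Error('not a JSON object');
  } catch {
    return reply(401, 'token is not decodable JSON');
  }
  // Pin the algorithm instead of trusting the token's own header.
  if (header.alg !== 'RS256') return reply(401, 'unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(sig, 'base64url')))
    return reply(401, 'bad signature');
  if (!(claims.exp > Date.now() / 1000)) return reply(401, 'expired');
  // aud may be a string or an array; a token issued for another API fails here.
  if (![].concat(claims.aud ?? []).includes(API_AUDIENCE)) return reply(401, 'wrong audience');
  // Scope is checked per operation: a read-only token passes GET but not POST.
  const scopes = String(claims.scope ?? '').split(' ');
  if (!scopes.includes(REQUIRED_SCOPE[method])) return reply(403, 'insufficient scope');
  return reply(200, 'ok');
}

// Constructed test key pair and token minting, standing in for the issuer.
const keys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function mintToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const exp = Math.floor(Date.now() / 1000) + 300;
  const signed = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ exp, ...claims })}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signed), keys.privateKey);
  return `Bearer ${signed}.${sig.toString('base64url')}`;
}
```

Returning the `reason` only to server-side logs, not to the client, keeps the diagnosis available without describing the validation rules to callers.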
