401 Unauthorized Post /oauth/token using Resource Owner Flow

ibrahimsam96 · February 20, 2022, 2:33am

Express App:6001, React App:3000 .

  var data = {
    grant_type: 'password',
    client_id:'----------------------',
//    client_secret: '---------------',
    audience: 'https://dev-49v8whrc.us.auth0.com/api/v2/',
    // scope: "read:sample",
    password: req.body.password,
    username: req.body.username,
  }

axios.post('https://dev-49v8whrc.us.auth0.com/oauth/token', data, {

    headers: { 'content-type': 'application/x-www-form-urlencoded' },

  }).then((response: any) => {

    res.json(response)

    console.log(response)

  }).catch((error: any) => {

    res.json(error.response.data)

    console.log(error.response)

  });

I’m sure of the user credentials and client_id. I signed up the user using the sign-up endpoint and it works. Also tried including secret and audience keys. Unsure how I’m receiving the error, any hint in what I’m doing wrong? It also works on the debugger but not on my app ;/

SaqibHussain · February 20, 2022, 10:10am

Hey @ibrahimsam96,

Thanks for getting in touch with us at Auth0 Community.

I note that you have client secret commented out, this will need to be present. I tested with the curl below successfully:

curl --request POST \
  --url 'https://YOUR_DOMAIN/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=password \
  --data 'client_id=eLltTv5EmEXOBeZDrjMa4VjGVVVXgc3o' \
  --data 'client_secret=YOUR_CLIENT_SECRET' \
  --data 'audience=https://YOUR_DOMAIN/api/v2/' \
  --data username=USERNAME \
  --data password=PASSWORD

Let me know if you’re still having issues.

Warm regards.

ibrahimsam96 · February 20, 2022, 4:33pm

I’m having the same problem whether I include the secret or not.

In the Resource Owner Password Flow - Only the grant_type,client_id,username,password are required.
https://auth0.com/docs/api/authentication#resource-owner-password

What application type I should select for the above endpoint to work?. Currently in the api debugger, Machine to Machine with None for the token endpoint works but unfortunately returns an error when I run it from my app

SaqibHussain · February 20, 2022, 8:08pm

Hi @ibrahimsam96
I used a native app in my testing, does it work if you run your parameters as a curl statement as per my example, this will help troubleshoot the issue, also ensure the password grant is enabled on your client?

Look forward to hearing from you.
Warm regards.

fernando.torres · May 31, 2022, 4:08am

Hello everyone,

I had this problem, and noticed that in Postman or with cURL I received the access token with no problems, while when I was trying with Node (axios) it did not work. I stumbled across this, and just deleting the headers in the request fixed the issue.

Regards,

Fernando

konrad.sopala · May 31, 2022, 11:55am

Thanks for sharing that with the rest of community!