401: Unauthorized with FlutterFlow API calls for user authentification

Ready to post? :mag: First, try searching for your answer.
I’m looking for a solution to get my user granted to access to an app; using flutterFlow.

I’ve generated a API Call with all needed information.
When I test it threw this:

Authentication API Debugger

=> all good. I get token and a 200 response.

When I try on Flutterflow with same parameters, I get a 401:
“error”: “access_denied”,
“error_description”: “Unauthorized”

I don’t get it.

Does someone knows which kind of setup I need to adjust to make it work ?
I was following this YouTube videos but on my side impossible to get a 200 response in Flutterflow.

Can someone help me ?


Hey there @fabien1 !

Outside of using the Authentication API debugger, what does your access token look like when you decode it at jwt.io? Feel free to share here but be sure to redact any sensitive information.

Hello @tyf ,
Firstly thanks to try to help me.
I don’t know what to decode here, as the response I get when I’m testing outside (in my case in FlutterFlow) this response only:

  "error": "access_denied",
  "error_description": "Unauthorized"

Failure 401.

The header looks like this:

  "connection": "keep-alive",
  "cache-control": "private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform",
  "access-control-allow-origin": "*",
  "x-ratelimit-reset": "1717621553",
  "x-ratelimit-limit": "300",
  "date": "Wed, 05 Jun 2024 21:05:52 GMT",
  "vary": "Origin, Accept-Encoding",
  "strict-transport-security": "max-age=31536000; includeSubDomains",
  "access-control-expose-headers": "date,content-type,content-length,connection,cf-ray,cf-cache-status,cache-control,strict-transport-security,vary,x-auth0-requestid,x-content-type-options,x-ratelimit-limit,x-ratelimit-remaining,x-ratelimit-reset,server,alt-svc,x-final-url,access-control-allow-origin",
  "x-ratelimit-remaining": "299",
  "x-auth0-requestid": "325*********d80e38",
  "report-to": "{\"group\":\"heroku-nel\",\"max_age\":3600,\"endpoints\":[{\"url\":\"https://nel.heroku.com/reports?ts=1717621551&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=wqo9oo9klcagQFt%2Fj%2B5**********aE1cnl0%3D\"}]}",
  "cf-cache-status": "DYNAMIC",
  "content-type": "application/json",
  "server": "cloudflare",
  "alt-svc": "h3=\":443\"; ma=86400",
  "reporting-endpoints": "heroku-nel=https://nel.heroku.com/reports?ts=1717621551&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=wqo9oo9klc**********KiYRdtUbJW6mWzaE1cnl0%3D",
  "content-length": "60",
  "nel": "{\"report_to\":\"heroku-nel\",\"max_age\":3600,\"success_fraction\":0.005,\"failure_fraction\":0.05,\"response_headers\":[\"Via\"]}",
  "cf-ray": "88f31**********a-IAD",
  "x-request-url": "https://dev-**************.eu.auth0.com/oauth/token",
  "via": "1.1 vegur",
  "x-final-url": "https://dev-****************.eu.auth0.com/oauth/token",
  "x-content-type-options": "nosniff"

I don’t know if this help.
I’m wondering if it’s a question of access control origin ?

Did I get your feedback right ?

By the way I’m trying to connect using this way:

I know it’s not the best way however I’m trying to find a solution to connect a FlutterFlow app with Auth0 Authentification through API calls.
I try to follow the video give above but unable to get 200 response. only 401.
Don’t get why I have this access-denied.

1 Like

No problem, happy to help!

Are you able to extract the user access token you get back upon successful auth? That is what you will want to decode at jwt.io