401 Unauthorized

to.jontan · June 19, 2020, 6:17am

I have an app on react, and I’m trying to get a Management API token so I can make calls to get a user’s roles.

I’m following this tutorial, and I have added my Client Id and Client Secret for my Regular Web App.
However upon submitting, I receive 401 Unauthorized.

Should I be submitting the ClientId and Client Secret for my Regular Web App Application or the Backend API?

Happy to provide more information if necessary.

karen1 · June 22, 2020, 5:13pm

Good afternoon,

Could you provide the request and response you. are receiving with sensitive information redacted?

I’m guessing a set value might be incorrect.

to.jontan · July 9, 2020, 7:24am

Actually the curl request isn’t working either:

curl --request POST \
  --url 'https://redacted.auth0.com/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data 'client_id=redacted' \
  --data client_secret=redacted\
  --data 'audience=https://redacted.auth0.com/api/v2/'

I added the client_id of my Machine to Machine application and the client_secret of that application.

I have ensured that the Client Credentials grant type has also been checked.

However, the response I get is:

{"error":"access_denied","error_description":"Client is not authorized to access \"https://redacted.auth0.com/api/v2/\". You might probably want to create a \"client-grant\" associated to this API. See: https://auth0.com/docs/api/v2#!/Client_Grants/post_client_grants"}

to.jontan · July 9, 2020, 7:28am

Oh! I think I might have figured it out.

I had to go to my Machine to Machine application, toggle the Authorize switch for Auth0 Management API, and then it worked

to.jontan · July 9, 2020, 7:41am

Celebrated too early. curl worked but nodeJS did not.

I am running the code in the backend

  Axios.post(
    "https://redacted.auth0.com/oauth/token",
    {
      grant_type: "client_credentials",
      client_id: "redacted",
      client_secret:
        "redacted",
      audience: "https://redacted.auth0.com/api/v2/",
    },
    {
      headers: {
        "content-type": "application/x-www-form-urlencoded",
      },
    }
  )
...

Parts of request:

 config:
      { url: 'https://redacted.auth0.com/oauth/token',
        method: 'post',
        data:
         '{"grant_type":"client_credentials","client_id":"redacted","client_secret":"redacted","audience":"https://redacted.auth0.com/api/v2/"}',
        headers: [Object],

Result:

      { error: 'access_denied', error_description: 'Unauthorized' } },

to.jontan · July 9, 2020, 11:54pm

Solved it!

I changed the content-type from application/x-www-form-urlencoded to application/json and that fixed the issue.

konrad.sopala · July 10, 2020, 8:27am

Wooohoo! Perfect glad to hear that and thanks for sharing with the rest of community!

to.jontan · July 10, 2020, 3:51pm

Thank you. Very encouraged by the Auth0 devs and the community.

konrad.sopala · July 13, 2020, 12:02pm

Here for ya! Always cheering up our developer community!

system · July 28, 2020, 12:02pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.