I’m using the right credentials as far as I can tell, but /oauth/token is returning 403. Anyone know how to troubleshoot this?
I’m following the instructions at
Here’s what Cypress reports (secrets redacted with “xxx”):
The request we sent was:
Method: POST
URL: https://dev-rr9aqzra.us.auth0.com/oauth/token
Headers: {
  "Connection": "keep-alive",
  "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36",
  "accept": "*/*",
  "accept-encoding": "gzip, deflate",
  "content-type": "application/json",
  "content-length": 264
}
Body: {"grant_type":"password","username":"xxx","password":"xxx","audience":"https://dev-rr9aqzra.us.auth0.com/api/v2/","client_id":"xxx","client_secret":"xxx"}
The response we got was:
Status: 403 - Forbidden
Headers: {
  "date": "Wed, 29 Dec 2021 02:58:40 GMT",
  "content-type": "application/json",
  "transfer-encoding": "chunked",
  "connection": "keep-alive",
  "cf-ray": "6c4fc4980dd632fa-EWR",
  "cache-control": "private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform",
  "set-cookie": [
    "did=s%3Av0%3A39b091d0-6853-11ec-a952-1f69958ecbc6.73sp%2BLVZU8NkrJ9VF2ofQoTj1p3hLn7xFlzW5Qj0FGA; Max-Age=31557600; Path=/; Expires=Thu, 29 Dec 2022 08:58:40 GMT; HttpOnly; Secure; SameSite=None",
    "did_compat=s%3Av0%3A39b091d0-6853-11ec-a952-1f69958ecbc6.73sp%2BLVZU8NkrJ9VF2ofQoTj1p3hLn7xFlzW5Qj0FGA; Max-Age=31557600; Path=/; Expires=Thu, 29 Dec 2022 08:58:40 GMT; HttpOnly; Secure"
  ],
  "strict-transport-security": "max-age=31536000",
  "vary": "Accept-Encoding, Origin",
  "cf-cache-status": "DYNAMIC",
  "expect-ct": "max-age=604800, report-uri=\"https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct\"",
  "ot-baggage-auth0-request-id": "6c4fc4980dd632fa",
  "ot-tracer-sampled": "true",
  "ot-tracer-spanid": "33a90f300a6b65c4",
  "ot-tracer-traceid": "734a6576272b2ca1",
  "x-auth0-requestid": "75d76217265dd20ca3dc",
  "x-content-type-options": "nosniff",
  "x-ratelimit-limit": "30",
  "x-ratelimit-remaining": "29",
  "x-ratelimit-reset": "1640746721",
  "server": "cloudflare",
  "alt-svc": "h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400, h3-28=\":443\"; ma=86400, h3-27=\":443\"; ma=86400"
}
Body: {
  "error": "access_denied",
  "error_description": "Unauthorized"
}