Access Denied / Unauthorized when calling oauth/token to fetch Idp Token

Hi all!
I’m trying to get Idp Token but always get an Access Denied and Unauthorized response.

I follow these steps:

  1. Create a Machine to Machine App

  2. Set Client_Credentials at Grant Type

  3. Set an API with scope read:users and read:user_idp_token

  4. Use passport-auth0 Strategy and configure login route

    var Auth0Strategy = require('passport-auth0')

    var strategy = new Auth0Strategy({
      domain: 'xxx',
      clientID: '7saW6f0Zu16m99wrqtRZZNuGHNiri5x6',
      clientSecret: 'CFzy1PBwuu73lsejvSxeJudEdupBodPG3bkKnElegIQo280nxh7S0WDdyI-Lc8jh',
      callbackURL: 'xxx/callback'
    }, function (accessToken, refreshToken, extraParams, profile, done) {
      // extraParams.id_token is the ID token returned alongside the access token
      var idToken = extraParams.id_token
      return done(null, {
        access_token: accessToken,
        id_token: idToken,
        profile: profile
      })
    })

  5. Set the route to /login and /callback

    const passport = require('passport')
    module.exports = (app) => {
      app.get('/login', passport.authenticate('auth0', {
        audience: 'xxx/audience',
        scope: 'openid profile read:users read:user_idp_tokens offline_access'
      }), function (req, res) {
        // handler body not shown in the post
      })

      app.get('/callback',
        passport.authenticate('auth0', { failureRedirect: '/login' }))
    }

  6. Create a Controller to make call and handle responses

    async oauthToken (req, res, next) {
      try {
        const userId =, {
          headers: { 'content-type': 'application/json' },
          body: {
            client_id: '7saW6f0Zu16m99wrqtRZZNuGHNiri5x6',
            client_secret: 'CFzy1PBwuu73lsejvSxeJudEdupBodPG3bkKnElegIQo280nxh7S0WDdyI-Lc8jh',
            grant_type: 'client_credentials',
            audience: 'xxxx/api/v2/' },
          json: true })
          .then((error, response, body) => {
            if (error) next(error)
            axios.get(BASE_URL + userId, { headers: { Authorization: Bearer + body.access_token } })
              .then((error, response, body) => {
                if (error) next(error)
                body = JSON.parse(body)
                req.idp_access_token = body.identities[0].access_token
                console.log('idp access token', req.idp_access_token)
              }).catch(err => console.error(err))
          .catch(err => console.error(err))
      } catch (err) {
        error: 'An error has occured trying to fetch the user'

I’m getting the following error when I try to get the access_token via POST oauth/token:

   { status: 401,
     statusText: 'Unauthorized',
      { date: 'Tue, 14 Aug 2018 13:30:15 GMT',
        'content-type': 'application/json',
        'content-length': '60',
        connection: 'close',
        'x-auth0-requestid': 'e46f8b4438bfac49f3d0',
        'x-ratelimit-limit': '30',
        'x-ratelimit-remaining': '29',
        'x-ratelimit-reset': '1534253416',
        'www-authenticate': 'Basic realm="Users"',
        'cache-control': 'private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0' },
      { adapter: [Function: httpAdapter],
        transformRequest: [Object],
        transformResponse: [Object],
        timeout: 0,
        xsrfCookieName: 'XSRF-TOKEN',
        xsrfHeaderName: 'X-XSRF-TOKEN',
        maxContentLength: -1,
        validateStatus: [Function: validateStatus],
        headers: [Object],
        method: 'post',
        url: '',
        data: '{"headers":{"content-type":"application/json"},"body":{"client_id":"7saW6f0Zu16m99wrqtRZZNuGHNiri5x6","client_secret":"CFzy1PBwuu73lsejvSxeJudEdupBodPG3bkKnElegIQo280nxh7S0WDdyI-Lc8jh","grant_type":"client_credentials","audience":""},"json":true}' },
      ClientRequest {
        domain: null,
        _events: [Object],
        _eventsCount: 6,
        _maxListeners: undefined,
        output: [],
        outputEncodings: [],
        outputCallbacks: [],
        outputSize: 0,
        writable: false,
        _last: true,
        upgrading: false,
        chunkedEncoding: false,
        shouldKeepAlive: false,
        useChunkedEncodingByDefault: true,
        sendDate: false,
        _removedConnection: false,
        _removedContLen: false,
        _removedTE: false,
        _contentLength: null,
        _hasBody: true,
        _trailer: '',
        finished: true,
        _headerSent: true,
        socket: [Object],
        connection: [Object],
        _header: 'POST /oauth/token HTTP/1.1\r\nAccept: application/json, text/plain, */*\r\nContent-Type: application/json;charset=utf-8\r\nUser-Agent: axios/0.18.0\r\nContent-Length: 282\r\nHost:\r\nConnection: close\r\n\r\n',
        _onPendingData: [Function: noopPendingOutput],
        agent: [Object],
        socketPath: undefined,
        timeout: undefined,
        method: 'POST',
        path: '/oauth/token',
        _ended: true,
        res: [Object],
        aborted: undefined,
        timeoutCb: null,
        upgradeOrConnect: false,
        parser: null,
        maxHeadersCount: null,
        _redirectable: [Object],
        [Symbol(outHeadersKey)]: [Object] },
     data: { error: 'access_denied', error_description: 'Unauthorized' } } }

What am I missing?



Did you ever figure this out? I am having the same exact problem.

Actually I figured this out: you have to log into your Auth0 account, then go to APIs and go into the settings of the “Auth0 Management API”. Under “Machine to Machine Applications” authorize your client and give it the permissions of whatever you need to access (e.g. “users”). My oauth/token POST request looks like this:

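    // Get an API authorization token
    // The post does not show the HTTP client; the `form` option and the
    // (error, response, body) callback match the `request` package.
    var request = require('request');

    var options = {
        method: 'POST',
        url: 'https://' + process.env.AUTH0_DOMAIN + '/oauth/token',
        headers: { 'content-type': 'application/x-www-form-urlencoded' },
        form: {
            grant_type: 'client_credentials',
            client_id: process.env.AUTH0_CLIENT_ID,
            client_secret: process.env.AUTH0_CLIENT_SECRET,
            audience: 'https://' + process.env.AUTH0_DOMAIN + '/api/v2/'
        }
    };

    request(options, function (error, response, body) {
        if (error) throw new Error(error);
        // body now holds the token endpoint's JSON response
    });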
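
The checks below are an added example, not code from the thread or from Auth0. They cover the two points the thread turns on: the OAuth parameters must sit at the top level of the token request (the `data` field logged in the question has them nested under a `body` key), and the client must have been granted the Management API permissions before the IdP token can be read. All function names are hypothetical, the sample payloads are constructed, and `missingScopes` assumes the token response carries a space-separated `scope` field.

```javascript
// Added example, not from the thread. Sample payloads below are constructed.
const REQUIRED_SCOPES = ['read:users', 'read:user_idp_tokens'];
const TOKEN_PARAMS = ['grant_type', 'client_id', 'client_secret', 'audience'];

// Build the client_credentials request; secrets come from the environment.
function buildTokenRequest(env) {
  for (const k of ['AUTH0_DOMAIN', 'AUTH0_CLIENT_ID', 'AUTH0_CLIENT_SECRET']) {
    if (!env[k]) throw new Error('missing environment variable ' + k);
  }
  const base = 'https://' + env.AUTH0_DOMAIN;
  return {
    url: base + '/oauth/token',
    method: 'POST',
    headers: { 'content-type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      grant_type: 'client_credentials',
      client_id: env.AUTH0_CLIENT_ID,
      client_secret: env.AUTH0_CLIENT_SECRET,
      audience: base + '/api/v2/'
    }).toString()
  };
}

// OAuth parameters that are absent from the top level of a JSON payload.
function missingTokenParams(payload) {
  return TOKEN_PARAMS.filter((p) => typeof payload[p] !== 'string' || payload[p] === '');
}

// Required scopes not granted (assumes a space-separated `scope` field).
function missingScopes(tokenResponse) {
  const granted = String(tokenResponse.scope || '').split(/\s+/).filter(Boolean);
  return REQUIRED_SCOPES.filter((s) => !granted.includes(s));
}

// IdP access token from a Management API user object, or null if absent.
function idpAccessToken(user, provider) {
  const identity = (user.identities || []).find((i) => !provider || i.provider === provider);
  return identity && identity.access_token ? identity.access_token : null;
}

// Constructed samples: the payload shape logged in the question, and a user profile.
const loggedPayload = { headers: { 'content-type': 'application/json' },
  body: { client_id: 'id', client_secret: 's', grant_type: 'client_credentials', audience: '' },
  json: true };
const sampleUser = { identities: [{ provider: 'google-oauth2', access_token: 'constructed-idp-token' }] };
```

Running `missingTokenParams(loggedPayload)` reports all four parameters as missing, and `missingScopes` names any permission still to be granted under “Machine to Machine Applications”.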

Thanks a lot @cocheci! We’re doing our best to provide you with the best developer support experience, but sometimes our bandwidth isn’t enough for the number of questions asked. We really appreciate you sharing that knowledge!

