Access Denied / Unauthorized when calling oauth/token to fetch Idp Token

rbrz · August 14, 2018, 2:55pm

Hi all!
I’m trying to get Idp Token but always get an Access Denied and Unauthorized response.

I follow this steps:

Create an Machine to Machine App
Set Client_Credentials at Grant Type
Set an API with scope read:users and read:user_idp_token
Use passport-auth0 Strategy and configure login route

var strategy = new Auth0Strategy({
domain: ‘xxx’,
clientID: ‘7saW6f0Zu16m99wrqtRZZNuGHNiri5x6’,
clientSecret: ‘CFzy1PBwuu73lsejvSxeJudEdupBodPG3bkKnElegIQo280nxh7S0WDdyI-Lc8jh’,
callbackURL: ‘xxx/callback’
},
function (accessToken, refreshToken, extraParams, profile, done) {
var idToken = extraParams.id_token
return done(null, {
id: profile.id,
access_token: accessToken,
id_token: idToken,
profile: profile
})
}
)
Set the route to /login and /callback

module.exports = (app) => {
app.get(‘/login’,
passport.authenticate(‘auth0’, {
audience: ‘xxx/audience’,
scope: ‘openid profile read:users read:user_idp_tokens offline_access’}), function (req, res) {
res.redirect(‘/’)
})

app.get(‘/callback’,
passport.authenticate(‘auth0’, { failureRedirect: ‘/login’ }),
VideosController.oauthToken
)
Create a Controller to make call and handle responses
async oauthToken (req, res, next) {
try {
const userId = req.user.id
axios.post(BASE_URL_OAUTH, {
headers: { ‘content-type’: ‘application/json’ },
body: {
client_id: ‘7saW6f0Zu16m99wrqtRZZNuGHNiri5x6’,
client_secret: ‘CFzy1PBwuu73lsejvSxeJudEdupBodPG3bkKnElegIQo280nxh7S0WDdyI-Lc8jh’,
grant_type: ‘client_credentials’,
audience: ‘xxxx/api/v2/’},
json: true })
.then((error, response, body) => {
if (error) next(error)
axios.get(BASE_URL + userId, { headers: { Authorization: Bearer + body.access_token } })
.then((error, response, body) => {
if (error) next(error)
body = JSON.parse(body)
req.idp_access_token = body.identities[0].access_token
console.log(‘idp access token’, req.idp_access_token)
}).catch(err => console.error(err))
})
.catch(err => console.error(err))
} catch (err) {
res.status(500).send({
error: ‘An error has occured trying to fetch the user’
})
}
}
}

I’m getting the following error when try get access_token via POST oauth/token:

  response: 
   { status: 401,
     statusText: 'Unauthorized',
     headers: 
      { date: 'Tue, 14 Aug 2018 13:30:15 GMT',
        'content-type': 'application/json',
        'content-length': '60',
        connection: 'close',
        'x-auth0-requestid': 'e46f8b4438bfac49f3d0',
        'x-ratelimit-limit': '30',
        'x-ratelimit-remaining': '29',
        'x-ratelimit-reset': '1534253416',
        'www-authenticate': 'Basic realm="Users"',
        'cache-control': 'private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0' },
     config: 
      { adapter: [Function: httpAdapter],
        transformRequest: [Object],
        transformResponse: [Object],
        timeout: 0,
        xsrfCookieName: 'XSRF-TOKEN',
        xsrfHeaderName: 'X-XSRF-TOKEN',
        maxContentLength: -1,
        validateStatus: [Function: validateStatus],
        headers: [Object],
        method: 'post',
        url: 'https://3ecologias.auth0.com/oauth/token',
        data: '{"headers":{"content-type":"application/json"},"body":{"client_id":"7saW6f0Zu16m99wrqtRZZNuGHNiri5x6","client_secret":"CFzy1PBwuu73lsejvSxeJudEdupBodPG3bkKnElegIQo280nxh7S0WDdyI-Lc8jh","grant_type":"client_credentials","audience":"https://3ecologias.auth0.com/api/v2/"},"json":true}' },
     request: 
      ClientRequest {
        domain: null,
        _events: [Object],
        _eventsCount: 6,
        _maxListeners: undefined,
        output: [],
        outputEncodings: [],
        outputCallbacks: [],
        outputSize: 0,
        writable: false,
        _last: true,
        upgrading: false,
        chunkedEncoding: false,
        shouldKeepAlive: false,
        useChunkedEncodingByDefault: true,
        sendDate: false,
        _removedConnection: false,
        _removedContLen: false,
        _removedTE: false,
        _contentLength: null,
        _hasBody: true,
        _trailer: '',
        finished: true,
        _headerSent: true,
        socket: [Object],
        connection: [Object],
        _header: 'POST /oauth/token HTTP/1.1\r\nAccept: application/json, text/plain, */*\r\nContent-Type: application/json;charset=utf-8\r\nUser-Agent: axios/0.18.0\r\nContent-Length: 282\r\nHost: 3ecologias.auth0.com\r\nConnection: close\r\n\r\n',
        _onPendingData: [Function: noopPendingOutput],
        agent: [Object],
        socketPath: undefined,
        timeout: undefined,
        method: 'POST',
        path: '/oauth/token',
        _ended: true,
        res: [Object],
        aborted: undefined,
        timeoutCb: null,
        upgradeOrConnect: false,
        parser: null,
        maxHeadersCount: null,
        _redirectable: [Object],
        [Symbol(outHeadersKey)]: [Object] },
     data: { error: 'access_denied', error_description: 'Unauthorized' } } }

What I’m missing?

Thanks!

cocheci · May 3, 2019, 7:58pm

Did you ever figure this out? I am having the same exact problem.

cocheci · May 8, 2019, 10:17am

Actually I figured this out: you have to log into your auth0 account, then go to APIs and go into the settings of the " Auth0 Management API". Under “Machine to Machine Applications” authorize your client and give it the permissions of whatever you need to access (e.g. “users”). My oauth/token POST request looks like this:

    // Get an API authorization token
    var options = {
        method: 'POST',
        url: 'https://' + process.env.AUTH0_DOMAIN + '/oauth/token',
        headers: { 'content-type': 'application/x-www-form-urlencoded' },
        form: {
            grant_type: 'client_credentials',
            client_id: process.env.AUTH0_CLIENT_ID,
            client_secret: process.env.AUTH0_CLIENT_SECRET,
            audience: 'https://' + process.env.AUTH0_DOMAIN + '/api/v2/'
        }
    };

    request(
        options,
        function (error, response, body)
        {
            if (error) throw new Error(error);
            console.log(JSON.parse(body).access_token);
        }
    );

konrad.sopala · May 8, 2019, 11:24am

Thank you a lot @cocheci! We’re doing our best in providing you with best developer support experience but sometimes our bandwidth isn’t enough for the amount of questions asked. Really appreciate sharing that knowledge!

system · May 23, 2019, 11:35am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I use "read:user_idp_tokens" and get idP tokens when also using a regular web app Help google , idp	2	3139	September 17, 2021
Nodejs config - Getting an invalid token sent in /callback Help	4	3913	August 24, 2020
Access-denied/Unauthorised while using "auth0.com/oauth/token" Help authentication-api , auth0 , username-password-co , access-is-denied , unauthorized	5	14393	July 26, 2019
Access Token after getting auth code Help	1	3076	January 5, 2019
Another Unauthorized New User Help unauthorized	9	3581	December 8, 2020

Access Denied / Unauthorized when calling oauth/token to fetch Idp Token

Related topics