So, moving forward with adoption of Auth0 new tokens, and came to a new problem. We are using multiple clients and multiple connections. Each client is configured to use each own connection(like production client - production connection, staging - staging connection).
So for old /ro endpoint all was good, we just supplied connection in the API call, and that was all right.
Now we are moving towards new to /oauth/token endpoint, I created api, allowed prod client for that api, and
then I am making a call, it started to return Disabled connection to test database. Turns out, that it uses Default Directory for some unknown reason. So I changed Default Directory to production one, but now we are unable to use the Staging with a staging API, that looks to staging client that has connection to staging data, because calls to that api requests Production connection. Isn’t it logical to just use the same connection that is provided by the client? If I request with client credentials? How can I force new Auth0 endpoint to use the specified connection?
If you’re using /oauth/ro
for the resource owner password credentials grant you have two options when migrating to /oauth/token
for the same grant:
- Use
grant_type=password
; this will mean that user credentials will be validated against the default connection - always. - Use
grant_type=http://auth0.com/oauth/grant-type/password-realm
; this will allow you to pass an additional parameter,realm
, where you can specify the name of the connection/realm against which you want the credentials to be validated.
Based on the information provided you will want to use second grant option that allows to specify the realm. See the reference documentation for further information.
In addition, you seem to be using the same account both for production and staging; the recommended approach would be to have separate accounts for each environment in order to guarantee better isolation.