/api/v2/oauth/token Authentication problems

Hello everyone.

I’m trying to integrate Auth0 with cypress on NextJS. For that I’m using an npm package called cypress-nextjs-auth0.

When I try to authenticate using that package I got an invalid_grant error. Digging deeper into the code I was able to catch the request that is being made to Auth0.

The url is https://.us.auth0.com/oauth/token and is accessed via POST.

The JSON data is:

{
  "audience": "<MY_AUDIENCE>", // got it from tenant settings > general
  "client_id": "<MY_CLIENT_ID>", // got it from my application, tried it as a regular web application or a machine to machine one
  "client_secret": "<MY_CLIENT_SECRET>", // got it from the same place as the previous one
  "scope": "openid profile email", // not sure if this is right
  "grant_type": "password",
  "username": "username@example.com",
  "password": "some_password"
}

To that I get the response:

{
	"error": "invalid_grant",
	"error_description": "Wrong email or password."
}

User and password are correct.

What am I missing here?

Hi @rogeriobrum

Why are you using ROPG (password grant)? You should probably be using Auth Code or Auth Code + PKCE.

I don’t see a connection specified in your JSON data. Check your app in the Auth0 dashboard and make sure it is enabled for the proper connection - and I think with ROPG you need a default connection.

Also check your tenant logs, they may provide more info.

Mostly though you probably do want to switch to Auth Code or Auth Code + PKCE.

John

Thank you @john.gateley for helping with this community topic.

Hi @rogeriobrum,

Welcome to the Auth0 Community!

I found a Support ticket with the same query created today. Do you happen to know about the Auth0 Support Ticket? And could you please DM me the tenant so we can verify this? Thank you!

I did choose the grant_type password because it was what the cypress-nextjs-auth0 docs instructed me to do.
I’m a little lost on this. I don’t find Auth0 docs to be very friendly to be honest.

Yes, it is the same.
I’ll DM you.

Hi @rogeriobrum

Take a look at this page: Which OAuth 2.0 Flow Should I Use?

It explains the different flows and when they are appropriate.

John


@john.gateley Thank you again for contributing to this topic

@rogeriobrum,

Thank you for confirming the Support ticket in the DM. As I mentioned, please continue working with the Support team. I will watch out for the updates on the Support ticket and post the solution once it’s solved.

Here is the summary of the solution:

The user does not exist in the connection you are trying to connect to hence getting the wrong username or password.

As a workaround, you can try going to the Connections tab in the application and selecting the connection.

To provide more information, the Resource Owner Password Flow uses the /token endpoint directly. With other flows that use /authorize, you may as well use the connection parameter to force the connection you want to connect to (not in the flow you are using). In the Authentication API you can see the allowed parameters for the different flows.
