Auth Token not working

Similar to [How do I get an auth token](https://community.auth0.com/t/how-do-i-get-an-auth-token-using-postman-instead-of-the-browser/69226)

In my Ruby app, I have:

    require 'net/http'
    require 'openssl'

    url = URI('https://quicky.eu.auth0.com/authorize?response_type=code&'\
              'client_id=REMOVED&redirect_uri=http://localhost:'\
              '3002/auth/auth0/callback&scope=SCOPE&audience=editable-api&state=STATE')

    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = true
    # Validate the server certificate; VERIFY_NONE turns TLS verification off
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER

    request = Net::HTTP::Get.new(url)
    response = http.request(request)

This returns a 302 response, where the body is simply:

Found. Redirecting to /u/login?state=hKFo2SBEMU5CY... (etc)

According to the documentation, I should instead be getting:

    HTTP/1.1 302 Found
    Location: http://localhost:3002/auth/auth0/callback?code=AUTHORIZATION_CODE&state=xyzABC123

Now when I instead enter the https://quicky.eu.auth0.com/authorize URI above into the browser, it does correctly respond with http://localhost:3002/auth/auth0/callback?code=CORRECT_CODE&state=STATE, although it raises a CSRF response.

How can I get this to work from inside the server instead of via the browser?

Hello @wrftaylor. `response_type=code` implies you are using the authorization code flow, which means you are logging in as a user. If you want to do this without user interaction, you need to use the client credentials flow instead, which allows for machine-to-machine communications without user interaction.

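The client credentials flow named in the reply above, as an added Ruby example that is not part of the original thread: the server POSTs its own credentials to the tenant's `/oauth/token` endpoint and gets an access token back with no redirect or login page. It assumes a machine-to-machine application authorized for the `editable-api` audience; the helper names, environment variable names and sample response are constructed for illustration.

```ruby
require 'net/http'
require 'json'
require 'openssl'
require 'uri'

# Client credentials grant: the server authenticates as itself (no user, no
# browser redirect) by POSTing its own credentials to the token endpoint.
def build_token_request(domain:, client_id:, client_secret:, audience:)
  uri = URI("https://#{domain}/oauth/token")
  req = Net::HTTP::Post.new(uri)
  req.set_form_data(
    'grant_type'    => 'client_credentials',
    'client_id'     => client_id,
    'client_secret' => client_secret,
    'audience'      => audience
  )
  [uri, req]
end

# Turn the token endpoint's reply into a token plus an absolute expiry time.
def parse_token_response(status, body, now: Time.now)
  data = JSON.parse(body)
  unless status == 200 && data['access_token']
    raise "token request failed (#{status}): #{data['error']} #{data['error_description']}"
  end
  { token: data['access_token'], type: data['token_type'],
    expires_at: now + data.fetch('expires_in', 0).to_i }
end

def fetch_token(**creds)
  uri, req = build_token_request(**creds)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER # keep certificate checks on
  res = http.request(req)
  parse_token_response(res.code.to_i, res.body)
end

# Constructed sample reply, so the parsing step runs offline.
SAMPLE_BODY = '{"access_token":"SAMPLE.TOKEN.VALUE","token_type":"Bearer","expires_in":86400}'

if __FILE__ == $PROGRAM_NAME
  token = parse_token_response(200, SAMPLE_BODY)
  puts "Authorization: #{token[:type]} #{token[:token]}"
  # Live call; ENV names are hypothetical. Keep the secret out of source:
  # fetch_token(domain: 'quicky.eu.auth0.com', client_id: ENV['AUTH0_CLIENT_ID'],
  #             client_secret: ENV['AUTH0_CLIENT_SECRET'], audience: 'editable-api')
end
```

The token identifies the application rather than a user, so the API should authorize it by the permissions granted to that client.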

Thanks markd! Ok, that’s clarifying.

Teamwork makes the dreamwork!