Auth0 Postman requests failing with scopes

Second stab at a question here. I am following this quickstart: Auth0 ASP.NET Core Web API SDK Quickstarts: Authorization
I had been experiencing issues trying to integrate it directly into my exsisting work, so I downloaded the quickstart and create a new api to go with it. I changed the necessary properties in appsettings.json, such as the ApiIdentifier, so it would match the new api i created. In that API, i added the scope “read:messages”, so that the pre-written code in the quickstart would match. I am trying to use Postman to check the authentication so I don’t have to write out a whole app to consume the API yet. When i pass the access token to the url for the “private” controller action, it works great. However, when I try to pass the bearer token for the “private-scoped” action, it returns a 403 error. When I try to request a new token in postman, and pass in the client id, client secret, the necessary urls and the scope, “read:messages”, it cannot return the token to me. I get the error: “Error getting access token from client_credentials flow. Could not send request.” I have been dealing with this for days now, with no solutions that I have been able to find. Has anyone experienced this, or have any idea what I can try?

Hi Jason, if you can have a look at the network tab (Inspecting Postman Requests | Postman Blog) and make sure you’re sending your auth request with the correct Content-Type.

In there you’ll also be able to check that no leading or trailing spaces are making their way into your auth URL, or that no other erroneous characters are there.

Thanks. I did that, and verified all the urls were correct. The content type was application/x-www-form-urlencoded; charset=UTF-8. In the preview tab for that request, the error it returned was: “Non-global clients are not allowed access to APIv1”.

Hello, I seem to be having the same issue with testing scopes using Postman. I’ve tried everything mentioned in the comments of this post, but I can’t get past the 403 error. Any help would be appreciated.

I’ve just been having the same issue, and for me the problem was small errors I had made in my configuration. Double check that your rule has the right application name and that you are not using the Test Application that is generated when you create a new application, as your permissions are problably on the NON test application.

1 Like

Thank you, it was a silly error. I found the solution here: Error requesting Access token with scope.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.