Auth0 with Postman and others (with default audience)

HI all,

I wanted to use auth0 together with Postman but that does not work as it needs an audience in the authentication header.

I thought that, if I use a M2M application and create a client id/secret AND set the default audience to the audience it should be that it would work but thats not the case…

Is there any way possible to execute api calls using the standard oauth2 flows without feeding the audience tag?

When I call without an audience tag I get:

POST https://domain.eu.auth0.com/oauth/token
Accept: application/json, text/json, text/javascript, application/xml, text/xml, application/x-plist, application/x-www-form-urlencoded, text/plain, text/html, application/xhtml+xml, 
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Authorization: Basic==
---Body---
grant_type=client_credentials

then I get this

**Error** OAuth 2 Response 'Access Token' Request failed: forbidden (403)

HTTP 403

---Body---

{"error":"access_denied","error_description":"Third party clients are not allowed access to APIv1"}

Would it be possible to make a request to auth0 and it defaults the audience to the default set in the settings of auth0? Now it seems its not possible or I am not aware how you have to set it up.

1 Like

Hi @koen1!

Welcome to the Auth0 Community.

I need some more information to understand the issue you are having. What do you specifically want to accomplish with Postman? It sounds like you are wanting to interface with the Authentication API (vs the Management APIv2), is that the case? Are you using the Auth0 Postman collection/have you followed this guide for setup?

Thanks,
Dan

I was more hoping that you could use the standard oauth2 flow inside of postman.

But seems that you always have to first get the token and then reuse it for all the other subsequent calls.

1 Like