Axios POST req to get management token works in Chrome but not in Firefox, Edge and Safari

I am working with a React app, and the code below gives me a management token in Chrome but not in other browsers like Firefox and Edge.

    const getLoggedIn = async () => {
      try {
        const response = await axios.post(
          "https:///oauth/token",
          new URLSearchParams({
            grant_type: "client_credentials",
            client_id: "xxxxxx",
            client_secret: "xxxx",
            code: `code`,
            redirect_uri: "https://.net/",
            audience: "https://abc/api/v2/",
            cacheLocation: "localstorage",
          }),
          {
            headers: { "content-type": "application/x-www-form-urlencoded" },
          }
        );
        console.log(response);
        localStorage.setItem("mToken", response?.data?.access_token ?? "");
      } catch (error) {
        console.log(error);
      }
    };

Hi @bhavith.chandra,

Welcome to the Auth0 Community!

This setup is completely insecure and you are leaving your Auth0 tenant open to malicious actors by publishing the client ID/secret in a browser-based application. Any data sent to the client can be inspected by the end user and used for malicious purposes.

You should never use the client credentials grant in a client-side application (SPA, native app, etc.). Additionally, browser-based flows are very limited in scopes with the Management API and should be avoided.

I would suggest starting with our quickstarts.

Let me know if you have any questions.
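
The arrangement the reply points to, as an added example that is not part of the original thread or Auth0's own code: the client credentials exchange runs on a backend, the token is cached there, and the SPA only receives the result of one narrow Management API call. The names `createTokenProvider` and `getUserProfile` are hypothetical, Node 18+ is assumed for the global `fetch`, and `userId` is assumed to come from a session the server has already validated.

```javascript
// Added example: runs on the server (Node 18+), never in the React bundle.
// Hypothetical names: createTokenProvider, getUserProfile.
function createTokenProvider({ domain, clientId, clientSecret, audience,
                               fetchImpl = globalThis.fetch, now = Date.now }) {
  if (!domain || !clientId || !clientSecret || !audience) {
    throw new Error("missing M2M configuration");
  }
  let cached = null;   // { token, expiresAt }
  let inflight = null; // de-duplicates concurrent refreshes

  async function requestToken() {
    const res = await fetchImpl(`https://${domain}/oauth/token`, {
      method: "POST",
      headers: { "content-type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        grant_type: "client_credentials",
        client_id: clientId,
        client_secret: clientSecret, // read from server config, e.g. process.env
        audience,
      }).toString(),
    });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const { access_token, expires_in } = await res.json();
    // Refresh 60 s early so a token never expires mid-request.
    cached = { token: access_token, expiresAt: now() + (expires_in - 60) * 1000 };
    return access_token;
  }

  return function getToken() {
    if (cached && now() < cached.expiresAt) return Promise.resolve(cached.token);
    if (!inflight) inflight = requestToken().finally(() => { inflight = null; });
    return inflight;
  };
}

// What the SPA is allowed to ask for: the signed-in user's own profile.
// userId must come from the server-validated session, not from request input.
async function getUserProfile(userId, { domain, getToken, fetchImpl = globalThis.fetch }) {
  const res = await fetchImpl(
    `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`,
    { headers: { authorization: `Bearer ${await getToken()}` } }
  );
  if (!res.ok) throw new Error(`Management API error: HTTP ${res.status}`);
  const { user_id, email, name } = await res.json();
  return { user_id, email, name }; // the token and other fields stay server-side
}
```

Grant the machine-to-machine application only the Management API scopes this endpoint needs (here, reading users), so a backend compromise exposes less than a full-scope token would.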
