I see some other discussions about Bad audience. But no luck to fix the problem when I use M2M app.
My Steps to reproduce the issue:
-
create
Machine to Machine Applications
and name itm2m-app
-
select the
Auth0 Management API
as the API to authorize to this M2M app. -
select all the permissions under the API and save.
-
Now, we have the app. I tried the curl command captured right from the “Quick Start” tab of this app.
-
I send command to get an access_token
curl --request POST \
--url https://<my-pretty-domain-name>.us.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"ABCDEFGHIJK123abcdefghijk","client_secret":"XYZXYZXYZXYZ123123123abcabcabc","audience":"https://<my-pretty-domain-name>.us.auth0.com/api/v2/","grant_type":"client_credentials"}'
- I got back an access_token like below:
{
"access_token":"abcdabcdabcdabcd.ABCDABCDABCD.ABCD1234ABCD1234",
"scope":"...... read:users update:users delete:users create:users ......",
"expires_in":86400,
"token_type":"Bearer"
}
- I call the get user API
curl --request GET \
--url https://login.auth0.com/api/v2/users/12345678 \
--header 'authorization: Bearer abcdabcdabcdabcd.ABCDABCDABCD.ABCD1234ABCD1234'
- I got the response:
{"statusCode":401,"error":"Unauthorized","message":"Bad audience: https://<my-pretty-domain-name>.us.auth0.com/api/v2/"}
I think I followed all the disccusions and seems the problem is not going away.