Bad audience when calling Management API using Machine-to-Machine App

I see some other discussions about Bad audience, but I have had no luck fixing the problem when I use an M2M app.
My steps to reproduce the issue:

  1. Create a Machine to Machine Application and name it m2m-app.

  2. Select the Auth0 Management API as the API to authorize for this M2M app.

  3. Select all the permissions under the API and save.

  4. Now we have the app. I tried the curl command captured right from the “Quick Start” tab of this app.

  5. I send the command to get an access_token:

	curl --request POST \
	  --url https://<my-pretty-domain-name>.us.auth0.com/oauth/token \
	  --header 'content-type: application/json' \
	  --data '{"client_id":"ABCDEFGHIJK123abcdefghijk","client_secret":"XYZXYZXYZXYZ123123123abcabcabc","audience":"https://<my-pretty-domain-name>.us.auth0.com/api/v2/","grant_type":"client_credentials"}'
  6. I got back an access_token like below:
	{
	   "access_token":"abcdabcdabcdabcd.ABCDABCDABCD.ABCD1234ABCD1234",
	   "scope":"...... read:users update:users delete:users create:users ......",
	   "expires_in":86400,
	   "token_type":"Bearer"
	}
  7. I call the get user API:
	curl --request GET \
	  --url https://login.auth0.com/api/v2/users/12345678 \
	  --header 'authorization: Bearer abcdabcdabcdabcd.ABCDABCDABCD.ABCD1234ABCD1234'
  8. I got the response:
	{"statusCode":401,"error":"Unauthorized","message":"Bad audience: https://<my-pretty-domain-name>.us.auth0.com/api/v2/"}

I think I followed all the discussions and it seems the problem is not going away.

Hi @briannl,

Make sure you are using your original Auth0 domain when calling the Management API, not your custom domain.

Explained in detail here: Troubleshoot Custom Domains.

I guess the online document should be updated. It generates a curl command with the https://login.auth0.com/api/v2/users/*** URL. It should mention that the word login should be the tenant’s domain name.

I’d be happy to submit that feedback. Can you share a screenshot and URI of which document you are referring to?

Hi Dan,
I found out that if I am logged in, the example is generated correctly with my domain. So, we are clear. Thanks a lot.

2 Likes
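A pre-flight check for the mismatch discussed in this thread, added here as an example and not part of any post above: it decodes the `aud` claim of an access token and tests whether the request URL sits under it. The tenant name `example-tenant`, the sample token, and the prefix-match rule are assumptions made for illustration.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a JWT without verifying the signature.

    Diagnostic use only: the API still verifies the signature server-side.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-segment JWT")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_matches(token: str, request_url: str) -> bool:
    """True if request_url sits under one of the token's aud values."""
    aud = jwt_claims(token).get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    req = urlsplit(request_url)
    for candidate in audiences:
        a = urlsplit(candidate)
        same_origin = (a.scheme, a.netloc.lower()) == (req.scheme, req.netloc.lower())
        # Assumption: a URL matches when it shares the origin and path prefix.
        if same_origin and req.path.startswith(a.path):
            return True
    return False


def make_sample_token(aud) -> str:
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}), b64({"aud": aud}), "sig"])


# Constructed sample values; example-tenant is a placeholder, not a real tenant.
TENANT_AUD = "https://example-tenant.us.auth0.com/api/v2/"
SAMPLE_TOKEN = make_sample_token(TENANT_AUD)

if __name__ == "__main__":
    for url in ("https://login.auth0.com/api/v2/users/12345678",
                "https://example-tenant.us.auth0.com/api/v2/users/12345678"):
        print(url, "->", "ok" if audience_matches(SAMPLE_TOKEN, url) else "bad audience")
```

The redacted token shown in the question will not decode; run the check against a real token from `/oauth/token` in a local shell, and keep the token out of shared logs.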