Hi there,
I’m trying to add auto-login to my application using the Resource Owner Password Flow.
I have already added custom registration with the API, first retrieving a token and then creating the new user.
When the new user have been created, I want to automatically login. This request keep giving me the error:
{
error: 'invalid_scope',
error_description: 'User is not authorized to the audience for those scopes'
}
And this is the code for the request:
const loginOptions = {
method: 'POST',
headers: {'content-type': 'application/x-www-form-urlencoded'},
body: new URLSearchParams({
grant_type: 'password',
username: req.body.email,
email: req.body.email,
password: req.body.password,
audience: `${process.env.AUTH0_ISSUER_BASE_URL}/api/v2/`,
scope: 'read:users',
client_id: process.env.AUTH0_CLIENT_ID,
client_secret: process.env.AUTH0_CLIENT_SECRET,
})
};
const loginResponse = await fetch(`${process.env.AUTH0_ISSUER_BASE_URL}/oauth/token`, loginOptions)
const loginResult = await loginResponse.json()
console.log(loginResult);
I have added the grant type Password for the Application (in Advanced Settings).
I have also added all Permissions in the Management API → Machine To Machine Applications.
I’m out of ideas, anyone else have one?
Thank you!