I have a client id for my server (and would prefer to just have 1) but he is doing a web app flow and also needs machine to machine access to management api.
In the GUI, I can modify ‘Application Type’ from ‘Regular Web Application’ to ‘Machine to Machine’. I then enable the management api and go back to ‘Regular Web Application’ and I see google oauth is still installed.
In this way, can my app be both ‘machine to machine’ with access to mgmt api AND also be a regular web application with the oauth login with google??? This would be ideal.
I guess I will try it and find out but the GUI is very wonky implying it is one or the other which is frustrating as having 2 client ids and secrets for one server seems quite a bit odd to me.
Well, it returns an accessToken from /oauth/token when grant_type is "client_credentials" so it seems like this works and I can use 1 app id. It is quite wonky and should be tabbed settings perhaps
OR NOT → on the next step, I get invalid token → {"statusCode":401,"error":"Unauthorized","message":"Invalid token","attributes":{"error":"Invalid token"}}
very odd considering it gave me an accessToken when trying to call the management api and I used this endpoint before successfully (perhaps I have some odd bug still)
seriously weird. my http client logs curl requests (soo nice), so →
curl -k --request POST -H "user-agent:Webpieces Generated API Client" -H "accept:application/json" -H "content-type:application/json" -H "content-length:226" -H "HOST:xxxx-dev.us.auth0.com" --data '{"audience":"https://xxxx-dev.us.auth0.com/api/v2/","grant_type":"client_credentials","client_id":"yyyy","client_secret":"zzzz"}' "https://xxxx-dev.us.auth
then taking the access token nnnnn and filling in, I had sent this curl which fails →
curl -k --request GET -H "user-agent:Webpieces Generated API Client" -H "accept:application/json" -H "content-type:application/json" -H "Authorization: Bearer nnnnn" -H "HOST:xxxx-dev.us.auth0.com" --data '' "https://xxxx-dev.us.auth0.com:443/api/v2/users-by-email"
How is it I get a valid access token and then get denied? hmmmm, perhaps another issue I need to find. scopes or something maybe…thinking. (though this article had nothing on scopes → Using Machine to Machine (M2M) Authorization )
back and forth we go. now that we add scopes, we get this error →
{"error":"access_denied","error_description":"Client has not been granted scopes: openid, profile, email, phone"}
odd. I enabled access for that api. I wonder why this is. perhaps I do have to have two client ids which would really suck.
FINALLY fixed: I had to piece a lot of documentation together, but basically you have to go into the app, temporarily change the app to the machine to machine type (confusing), check the boxes for read:users and the scopes you want, and then add those scopes in the api call, and all is working now. It was a matter of piecing many docs together to get the full picture.
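An added example, not part of the original posts: a small diagnostic for the situation in this thread, where /oauth/token issues a token but the Management API call is refused. It decodes the token's claims and reports whether the audience and the read:users scope mentioned above are actually present. It assumes the access token is a JWT carrying `aud` and a space-separated `scope` claim; the function names are hypothetical and the sample tokens are constructed.

```python
import base64
import json

# Tenant placeholder copied from the thread; substitute your own domain.
MGMT_AUDIENCE = "https://xxxx-dev.us.auth0.com/api/v2/"


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token, audience, needed_scopes):
    """Return a list of reasons the API may reject this token; empty if none found."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    granted = set(claims.get("scope", "").split())
    problems = []
    if audience not in audiences:
        problems.append("audience mismatch: token is for %s" % audiences)
    missing = sorted(set(needed_scopes) - granted)
    if missing:
        problems.append("token lacks scopes: " + " ".join(missing))
    return problems


def sample_token(claims):
    """Build an unsigned, constructed token for the demo; not a real credential."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed case: token issued before any scopes were granted to the client.
    before = sample_token({"aud": MGMT_AUDIENCE, "gty": "client-credentials"})
    # Constructed case: token issued after read:users was checked for the client.
    after = sample_token({"aud": MGMT_AUDIENCE, "scope": "read:users"})
    print(diagnose(before, MGMT_AUDIENCE, ["read:users"]))
    print(diagnose(after, MGMT_AUDIENCE, ["read:users"]))
```

Decoding without signature verification is only for inspecting your own token during debugging; it is not a substitute for validating tokens on the API side.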