Create a permission using a API

zPedrooGF · December 3, 2023, 8:32pm

I would like to create permissions in my application via the API, according to the following excerpt from the documentation:

curl --request PATCH \
  --url 'https://{my domain}.uk.auth0.com/api/v2/resource-servers/API_ID' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "scopes": [ { "value": "PERMISSION_NAME", "description": "PERMISSION_DESC" }, { "value": "PERMISSION_NAME", "description": "PERMISSION_DESC" } ] }'

In “your domain”, I put the domain of the Regular Web Application itself, in API_ID, I put the ID of the API that takes care of my permissions, the access token is my regular user token with the permission: “update:resource_servers”.

However, I get the error:

{
	"statusCode": 401,
	"error": "Unauthorized",
	"message": "Bad audience: https://{my api audience from my custom api} {my domain}.uk.auth0.com/userinfo"
}

How can I solve this?

marcelina.barycka · December 4, 2023, 10:00am

Hi @zPedrooGF !

Please use your Auth0 domain (where you have registered your API and other apps) instead:

Making this small adjustment, you should be able to successfully updater the api permissions:

Please let me know any questions!

zPedrooGF · December 4, 2023, 12:41pm

Hello, thanks for the reply @marcelina.barycka !

If I understood correctly, which apparently I didn’t, it still doesn’t work

marcelina.barycka · December 5, 2023, 10:38am

Hi @zPedrooGF !

How do you get the token that you later use to call the management API?
Can you please try to get/request a new token setting the audience to be Management API Identifier (the value from the screen below):

The reasoning is that this token allows you to call the management API thus when requesting a token for it, the audience must be set to the Management API Identifier.

Also please make sure that this token has scopes sufficient to create new permissions for your custom API.

zPedrooGF · December 5, 2023, 11:26am

Hi @marcelina.barycka !!

I’m using the auth0 client ID and auth0 client secret from my normal web application with the auth0 public custom API (not the system API). I think this is why it’s not working, because I get an API explorer in my system API and this works.

Do you have any documentation to recommend reading about this? I’m lost about the workflow to use custom API

Thanks a lot!

system · December 19, 2023, 11:27am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.