Does Resource Owner Password Grant Authentication accept email address?

SG-1 · April 15, 2021, 6:44pm

Hi

We’re looking at attempting to silently log someone in after having given us a password which we then create an account in auth0 with.

Ideally, we’d not want to redirect them to auth and then back.

I’ve been playing around with the Resource Owner Password Grant method but it seems that the credentials require a USERNAME but we’re not using USERNAME’s and I wondered if email address worked here? I can’t seem to get it to work using the API Debugger or postman, so I suspect not, please confirm

dan.woda · April 15, 2021, 10:27pm

Hi @SG-1,

Welcome to the Community!

You should be able to use an email for the username. Can you tell me how you are making the request and what is failing?

SG-1 · April 16, 2021, 8:54am

Hey, thanks for your reply
I’m using /oauth/token

with headers ‘Content-Type’ : ‘application/json’

{
	'client_id' : AUTH0_CLIENT_ID,
		'grant_type' : 'password',
		'password' : '*******',
		'scope' : 'openid name email nickname',
		'username' : '***@***.com',
}

But I just get the response of

{"error":"access_denied","error_description":"Unauthorized"}