Get an access token based on username / password

I couldn’t figure out which one of the authorization flows I can use to do the following:

  • Have a user use their browser to request an authorization token (they would be asked to enter their username/password).
  • Copy the authorization token from the browser and use it in the request header in a client (e.g. postman) to access my api.

Any ideas would be appreciated, thanks!

1 Like

Hi cocheci,

We need more information. You are requesting an access token to be passed to the browser, and we do not recommend that. You can get more info about which flow to use here: Authentication and Authorization Flows.

We need more details on what you are doing to be able to answer better.


Hi John, thank you for your answer. Here’s what I need to do: I have several users that need to access their data over the API. Each user has their own resources, so I will need to be able to tell from the authentication token which user is requesting a resource so that I can redirect them to the correct place. I did read the docs about all the authorization flows but none of them seem to do what I need.

Actually it appears that the Authorization Code Flow is just what I needed. I tried this before posting the question but it didn’t work for me initially, perhaps I was using the wrong parameters somehow, I was always getting this error:
“error”: “invalid_grant”,
“error_description”: “Invalid authorization code”
when requesting the token with the code.
Editing this response: for some weird reason, this worked for me once only. Now I’m getting the error above again.

I need to do the same thing, i just want an auth0 endpoint i can send user credentials to in return for a token that can identify the user and that the client can use to access the api. If auth0 cant do this then i wont be using this service.

It can, look at the Authorization Code Flow tutorial: