Get Auth0 Management API invalid token error

Hi team,

I’m trying to use the Management API to create user but getting following error when calling the create user endpoint with the returned Bearer access token.

“statusCode”:401,“error”:“Unauthorized”,“message”:“Invalid token”,“attributes”:{“error”:“Invalid token”}}

Following this Get Management API Access Tokens for Production, I successful to get the access token but when decoded it by jwt.io, it seems the access token does not have any permissions. I’m using the client_id and client_secret in the Auth0 Management API (Test Application)

Could you please advise what possibly causing the problem?

Thank you.

2 Likes

Hi @conghc,

Welcome to the Auth0 Community!

It seems that your “Auth0 Management API (Test Application)” may not be assigned with the required permissions.

In this case, could you please expand your “Auth0 Management API (Test Application)” in your API settings and select All the permissions. Please don’t forget to save your changes.

After doing so, you can get the Management API access tokens for production.

Please let me know if you have any additional questions.

Thank you.

1 Like

Hi @rueben.tiow,

Thank you for your feedback. The screenshot I took is short might confuse but the API has all the permissions assigned I think

Sorry can’t take the whole permission page due to the screen resolution but the attached above shows part of permissions.

Please let me know should you need any information.

Thank you.

Hi @conghc,

Thank you for your reply.

You will need to assign them to your application on your Management API > Machine to Machine Applications > Auth0 Management API (Test Application) for example:

Thank you.

1 Like

Hi @rueben.tiow,

Thank you, it works now after added required permission per your instruction.

I would suggest to put a similar screenshot like yours to this step Register Machine-to-Machine Applications to make the documentation more clearer :slight_smile: as the collapse icon is quite unnoticeable to the user (or at least to me).

I have skimmed through the docs multiple times but can’t see any place to guide user to click to that collapse icon for adding permissions (or I might be missed it)

A quick one, can I use the Auth0 Management API (Test Application) for Production purpose? Not sure about the postfix Test Application means anything?

Thank you again for your kind support.

1 Like

Hi @rueben.tiow ,

Sorry for my nested question, could you please advise if we can use the Auth0 Management API (Test Application) for Production?

What does the “(Test Application mean)”?

Thank you.

1 Like

Hi @conghc,

Thank you for your responses and feedback.

Yes, this should not be an issue. The only thing I will mention is that the application name is not very informative and could be a source of confusion in the future. With that, you could consider creating a new machine-to-machine application with the desired application name.

Please see this thread for an explanation on the “(Test Application)” application name.

Hoped this helps!

Thank you.