How do I get an ID Token using Authentication API Debugger?
I tried to do a curl --location --request POST 'https://dev-mytenant.us.auth0.com/oauth/token' specifying grant_type of password. But I got an access denied (I am assuming it is because I have that grant_type turned off somewhere?)
I believe I got this in the past via the API Debugger. But at the moment I can only get an access token. I changed response_type to id_token and that just generates an error.
Is it possible to get an ID Token?
My use case is I am manually testing my backend, and don’t have a front end built yet.
Hey there @chris.mcbride!
Sorry for the delayed response here, but wanted to follow up on this.
You should definitely be able to get an ID token via the Auth API debugger - In order for this to succeed you will need to have the “password” grant enabled for whichever app/client you have configured in the debugger. To enable this grant in the dashboard navigate to application → your application → advanced settings → grant types.
Other than that I would make sure you’ve configured the debugger to use the openid scope if it isn’t already. Typically the errors returned by Auth0 are pretty telling if you would like to test again and share any of those here.
I get the “Oops!, something went wrong” page. Sometimes the error is informative, but in this case it says “There could be a misconfiguration in the system or a service outage. We track these errors automatically, but if the problem persists feel free to contact us. Please try again.” which doesn’t tell me anything. Did I miss filling something in on the previous page? Do I have some other setting set incorrectly? Who knows.
Currently I have it set to Default App (which has the password grant enabled). Open id scope is set by default. And I change the response type to id_token.
Hmm, that’s odd! What is the default app? Are you clicking on the “password grant” button on the oauth2/oidc page of the debugger?
A curl should work as well assuming you are using a non m2m app client_id:
curl --request POST \
--url 'https://{your_auth0_domain}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'grant_type=password&username=example@gmail.com&password=XXX&scope=openid&client_id=XXX'
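An added example, not from the thread or from Auth0: Python helpers that build the same form body as the curl above and read the token response, surfacing the server's error field or a missing id_token. The function names and sample responses are constructed for illustration, and claims are decoded without signature verification, for inspection during manual testing only.

```python
import base64
import json
from urllib.parse import urlencode

def build_password_grant_body(username, password, client_id, scope="openid"):
    """Form body for POST /oauth/token, same fields as the curl in the thread."""
    return urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope, "client_id": client_id})

def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def read_token_response(body):
    """Return the ID token claims, or raise with what the server reported."""
    data = json.loads(body)
    if "error" in data:  # OAuth 2.0 error response (RFC 6749, section 5.2)
        raise RuntimeError(f"{data['error']}: {data.get('error_description', '')}")
    if "id_token" not in data:
        raise RuntimeError("no id_token in response; was 'openid' in the requested scope?")
    return decode_claims(data["id_token"])

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample responses: not real tokens, the signature part is a dummy.
SAMPLE_ID_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": "https://tenant.example/", "sub": "auth0|123",
          "aud": "CLIENT_ID", "exp": 1700000000}),
    "c2ln",
])
SAMPLE_OK = json.dumps({"access_token": "opaque", "id_token": SAMPLE_ID_TOKEN})
SAMPLE_DENIED = json.dumps({"error": "access_denied", "error_description": "constructed"})
SAMPLE_NO_OPENID = json.dumps({"access_token": "opaque", "token_type": "Bearer"})

if __name__ == "__main__":
    print(build_password_grant_body("example@gmail.com", "XXX", "XXX"))
    print(read_token_response(SAMPLE_OK))
```

A backend that accepts the ID token must still verify its signature, issuer, audience and expiry; the decode here only shows what the token contains.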
I thought the default app was what was automatically created when the tenant was created. I haven’t done anything to it.
No, I was not clicking the “password grant” button; I was clicking the “OAUTH2/OIDC login” button, as I thought that was what was required to bring the login popup up.
If I add my password to the password field and click the password grant button I then get an access_Denied. Despite having access to the default app. I’m fairly certain I’m using the correct password.
I guess that is a separate issue. A better error message the first time around would have helped.