I saw so many questions on this topic in the community but unfortunately no luck so far.
I’m using Auth0 universal flow for user authentication which works perfectly fine. The problem comes when I try to call Auth0 Management API through our node.js backend.
I created a new API in Auth0 and added this identifier https://example-api
I also added some permissions to this API so we can then use them with different types of user roles.
This is how I’m obtaining the access_token through Management API call:

```javascript
const axios = require('axios');

// Client-credentials grant against the tenant's token endpoint
const response = await axios({
  method: 'POST',
  url: `https://{tenant}.auth0.com/oauth/token`,
  headers: { 'Content-Type': 'application/json' },
  data: {
    client_id: '<client_id obtained from newly created API>',
    client_secret: '<client_secret obtained from newly created API>',
    audience: 'https://example-api', // audience obtained from newly created API
    grant_type: 'client_credentials'
  }
})
```

This call successfully returns the access_token.
Whenever I try to get a user matched with matching criteria like this:

```javascript
// `query` holds the user search string; `response` is the token response from the call above
const user = await axios({
  method: 'GET',
  url: `https://{tenant}.auth0.com/api/v2/users`,
  params: {
    q: query,
    search_engine: 'v3'
  },
  headers: { authorization: `Bearer ${response.data.access_token}` }
})
```

It throws the following exception.

```
{
  statusCode: 401,
  error: 'Unauthorized',
  message: 'Bad audience: https://example-api'
}
```
I also tried to put a trailing slash on the audience but no luck.
Whenever I use the audience from the Auth0 Management API (the one which automatically gets created with the Auth0 account with the label System API), it works and I can get the user, but then I cannot set custom permissions on it.
Any help on this would be appreciated.
Thank you.
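
An added diagnostic example, not part of the original post: it decodes an access token's payload (without verifying the signature) and checks its `aud` claim against the audience the target API expects, which is the comparison behind the `Bad audience` 401 above. The helper names, the sample tokens and the `example-tenant.auth0.com` domain are constructed for illustration; the Management API identifier form `https://<domain>/api/v2/` is an assumption to confirm against the System API entry in the tenant's dashboard.

```javascript
// Decode the JWT payload for inspection only. This does NOT verify the
// signature, so never use it to make an authorization decision.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) {
    throw new Error('not a JWT (expected 3 dot-separated segments)');
  }
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// `aud` may be a single string or an array of strings (RFC 7519).
// The comparison is an exact string match, so a trailing slash matters.
function audienceMatches(token, expectedAudience) {
  const { aud } = decodeJwtPayload(token);
  const audiences = Array.isArray(aud) ? aud : [aud];
  return audiences.includes(expectedAudience);
}

// Assumption: the Management API identifier for a tenant domain.
function managementAudience(domain) {
  return `https://${domain}/api/v2/`;
}

// Builds a constructed, unsigned sample token so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const DOMAIN = 'example-tenant.auth0.com'; // constructed placeholder
// Token requested with the custom API's audience, as in the post.
const customApiToken = makeSampleToken({ aud: 'https://example-api' });
// Token requested with the Management API audience.
const mgmtToken = makeSampleToken({ aud: managementAudience(DOMAIN) });

for (const [label, token] of [['custom API', customApiToken], ['management', mgmtToken]]) {
  const ok = audienceMatches(token, managementAudience(DOMAIN));
  console.log(`${label} token accepted by /api/v2/: ${ok}`);
}
```

Running the check on the real `response.data.access_token` before calling `/api/v2/users` shows which API the token was issued for.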