
Getting the token


#1

I am just starting out with Auth0 server side/M2M API.

Trying to get my token via axios:

return () => axios({
  url: 'https://wonderlandabs.auth0.com/oauth/token',
  method: 'post',
  headers: {'content-type': 'application/json'},
  data: {
    grant_type: 'client_credentials',
    scope: 'profile',
    response_type: 'code',
    client_id: container.AUTH0_CLIENT_ID,
    client_secret: container.AUTH0_CLIENT_SECRET,
    'audience': 'https://wonderlandabs.auth0.com/api/v2/'
  }
});

According to https://auth0.com/docs/api/management/v2/tokens#automate-the-process, this should work.

Any suggestions?


#2

Can you provide some more details into what error you are running into?


#3

I’m seeing the log message on the auth0 website

{
  "date": "2018-05-28T17:54:56.167Z",
  "type": "feccft",
  "description": "Unauthorized",
  "connection_id": "",
  "client_id": "1sZN86rYdFn4n9jfMp6VV8G6PLRJkQbe",
  "client_name": null,
  "ip": "173.239.228.15",
  "user_agent": "axios/0.18.0",
  "hostname": "wonderlandabs.auth0.com",
  "user_id": "",
  "user_name": "",
  "audience": "https://wonderlandabs.auth0.com/api/v2/",
  "scope": "profile",
  "log_id": "90020180528175456168116816160320871510863217169170169906"
}


#4

Thanks @dave3. I am seeing a few things you might need to check. First, the profile scope is not a token you can fetch via client_credentials. That is an OIDC scope when requesting an id_token for a user, not a machine. Second, you might want to make sure the client is an authorized application on the Management API. You can go here: https://manage.auth0.com/#/apis and then navigate to the Management API. From there, click on the Machine to Machine Applications link to ensure your application is authorized and is able to get some scopes. Lastly, including response_type in the body isn’t necessary for client_credentials, because you will only get a single type of token (an access_token).

I have a general question. Are you running this in a browser or are you running this in a Node.js backend? The client_credentials grant type should only be used for confidential clients. Auth0 will not allow the client_credentials grant for public clients like a SPA, for example. If you go to your client settings, there is a link at the bottom called advanced settings. You can go here to check which grant types are enabled. You should make sure client_credentials is enabled there.
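
The request from post #1 with the changes suggested in post #4 applied, as an added example that is not part of the thread and not Auth0's own code. The function names, the injected `send` transport and the list of OIDC user scopes checked are assumptions made for illustration; the 401/403 handling reflects the general "Unauthorized" log entry, not a documented status code.

```javascript
const OIDC_USER_SCOPES = new Set(['openid', 'profile', 'email']);

// Return the problems post #4 points out in a client_credentials body.
function lintClientCredentialsBody(body) {
  const problems = [];
  if (body.grant_type !== 'client_credentials') {
    problems.push('grant_type must be client_credentials');
  }
  if ('response_type' in body) {
    problems.push('response_type is not needed for client_credentials');
  }
  for (const s of (body.scope || '').split(/\s+/).filter(Boolean)) {
    if (OIDC_USER_SCOPES.has(s)) problems.push(`"${s}" is an OIDC user scope`);
  }
  for (const key of ['client_id', 'client_secret', 'audience']) {
    if (!body[key]) problems.push(`${key} is missing`);
  }
  return problems;
}

// Build the token request; `domain` is the tenant host (a placeholder in tests).
function buildTokenRequest({ domain, clientId, clientSecret }) {
  return {
    url: `https://${domain}/oauth/token`,
    method: 'post',
    headers: { 'content-type': 'application/json' },
    data: {
      grant_type: 'client_credentials',
      client_id: clientId,
      client_secret: clientSecret,
      audience: `https://${domain}/api/v2/`,
    },
  };
}

// `send` is the HTTP client (axios in the thread); server-side only, the body holds the secret.
async function getManagementToken(send, creds) {
  const req = buildTokenRequest(creds);
  const problems = lintClientCredentialsBody(req.data);
  if (problems.length) throw new Error(problems.join('; '));
  try {
    const res = await send(req);
    return res.data.access_token;
  } catch (err) {
    const status = err.response && err.response.status;
    if (status !== 401 && status !== 403) throw err;
    throw new Error(`Token request rejected (${status}): check that the application is authorized on the Management API and that the client_credentials grant is enabled`);
  }
}
```

In a backend, pass `axios` as `send` and take `clientId` and `clientSecret` from server-side configuration, such as the `container.AUTH0_CLIENT_ID` and `container.AUTH0_CLIENT_SECRET` values in post #1.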