Getting "Unauthorized" error response when using "Resource Owner Password" API

Hi,

I’m new to Auth0 and I’m trying to see if I can use it to create a custom login form on my website and authenticate a user using the authentication API. I found this page - Authentication API Explorer - and thought it’s the best option for what I’m trying to do. I downloaded the postman collection and followed the instructions on this page - Call Your API Using Resource Owner Password Flow. However, when I started testing it, it always gives me a 401 error:

{
    "error": "access_denied",
    "error_description": "Unauthorized"
}

I googled a bit more and found that I can enable the Password grant type, but even after doing this, I still get a 401 error. Am I missing something?

Some details:

Regards,
Marlon

Hey @ponki.d.monkey, Welcome to the Auth0 Community!

From the looks of it you request seems correct, I checked your tenant as well and it looks ok, only
thing i suspect is your client_id , I think there is a trailing space in there, can you check it?

Regards,
Sidharth Chaudhary

Hi,

Thanks for your reply.

I checked the client_id on my request and it doesn’t have a trailing space. And just to be sure, I copied it again using the Copy to clipboard button from my application details page. I also double checked all other request parameters if they have a trailing space and they have none. Not sure if it’s worth trying to post from a sample custom login page. What do you think?

Regards,
Marlon

Hey Marlon, Can you DM me a Curl version of your token request(removing the secret)? I will replace with my params and try on my side as well

Ok sure. Give me a sec. I’ll just compose the curl request and DM it to you.

i am also facing same issue , can i please get help

this is the uri with params i am trying
https://auth-poc-mphasis.eu.auth0.com/oauth/token?grant_type=password&username=soni.sinha@mphasis.com&password=Soni21874$&client_id=WS4xEFCnY3iFeMBhnQsBBg2YgYm7FD1w&client_secret=FJZDdeiwpqjPLJcxf5pRKcnhWFDiNcTZinGOEbv5MGyakx7YV9MrA_05UnhqoD-q&audience=http://localhost:9096/dataservice/api/gui/screen/rfi&scope=read:data

Please suggest have i missed any configuration , every time i am getting 401

Thanks i fixed it i am able to generate token now :slight_smile:

1 Like

Wooohooo! Glad to hear that!

Can you say what you’ve changed? For the benefit of the rest of community

Please share the fix with everyone :grinning:

Hello, I am having the same issue. Would appreciate some help on this. Thanks :slight_smile:

Please share the fix!!!

@soni.sinha for visbility :slight_smile:

I’m having the same issue and the problem here is that if fails with the “Unauthorized” error and I can’t find any other details to troubleshoot the issue.

My setup works on other environments but on the Stage server. I’m sure I have everything configured identically but still can’t figure out the issue.

I’m able to log in but then my SPA fails with an “Unauthorized” error .

Where can I get more details about the problem? Do you have any kind of debug logs to have more details about the actual reason of the failure?

For anyone having the same problem, While using postman i was using form-data instead of x-www-form-urlencoded while using Content-Type:application/x-www-form-urlencoded as header.

2 Likes

Thanks for sharing it with the rest of community!

The easiest way to fix is using postman collection from here https://github.com/auth0/postman-collections, look for Get Access Token/Resourse Owner Password request. Pay attention that client_id and other keys are set in request body but not Params, except Content-Type which is set in header.

Thanks for sharing that with the rest of community!