Getting unauthorized response when trying to get my token

When doing the following request:

    // Client-credentials request for a Management API token
    var client2 = new RestClient("https://MY-DOMAIN.us.auth0.com/oauth/token");
    var request2 = new RestRequest(Method.POST);
    request2.AddHeader("content-type", "application/json");
    request2.AddParameter("application/json", "{\"client_id\":\"********\",\"client_secret\":\"*****\",\"audience\":\"https://dev-yktazjo3.us.auth0.com/api/v2/\",\"grant_type\":\"client_credentials\"}", ParameterType.RequestBody);
    IRestResponse response2 = client2.Execute(request2);

The response is:

    {"error":"access_denied","error_description":"Unauthorized"}

Hi @NNKamel,

Welcome to the Community!

Is this code from a server-side Machine-to-Machine app that has been authorized to use the Management API?

I got this code from Auth0 Management API “Test” tab.
And I have already given almost all the permissions available.

My whole model is that I have a single page app, and when users log in or register there and make a request, I want to be able to know who is the user that just logged in on the SPA from my backend project, which is a dotnet webapi project with .net5.0

I tried using:

    var x = this.User.FindFirst(ClaimTypes.NameIdentifier).Value;

and then pass the x to a request to get the userinfo

        var client = new RestClient("https://MyDomain.us.auth0.com/userinfo");
        var request = new RestRequest(Method.GET);
        request.AddHeader("Content-Type", "application/json");
        request.AddHeader("Authorization", "Bearer " + token);

But when I do that I get an “unauthorized” response.

To clarify, do you want to retrieve user data in your SPA or your backend?

Your SPA will have access to the user’s profile data via an ID Token. You can make a request to the /userinfo endpoint to get user info as well, but you will need to use the Access Token.

In your code request.AddHeader("Authorization", "Bearer " + token);, is the token variable the Access Token that the SPA received from the /token endpoint after a user logs in?

The login in my Angular SPA receives an object on login which has a “sub” field which has the same token value as the request.AddHeader("Authorization", "Bearer " + token);
So I guess yes

I see! It sounds like you might be using the user ID instead of the Access Token if its value is the same as the sub claim. The Angular SDK will automatically add the Access Token as the bearer token for you using an HTTP interceptor. The “Call an API” section of the Angular Quickstart explains how to implement this: Auth0 Angular SDK Quickstarts: Call an API
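An added example (not code from this thread or from Auth0) of the distinction raised in the reply above: `sub` is a claim carried inside a JWT Access Token, while the whole token string is what goes after `Bearer`. The sample token, the `auth0|constructed-user-1` ID and the helper names are constructed for illustration, and the request is built but never sent.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;

static class BearerDemo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Pull the raw token out of an incoming "Authorization: Bearer <token>" header.
    static string ExtractBearer(string header) =>
        header != null && header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
            ? header.Substring(7).Trim() : null;

    // Read "sub" from a JWT payload WITHOUT verifying the signature (inspection only;
    // signature validation belongs to the API's JWT middleware). Null for opaque tokens.
    static string ReadSub(string token)
    {
        var parts = token.Split('.');
        if (parts.Length != 3) return null;
        using var doc = JsonDocument.Parse(FromB64Url(parts[1]));
        return doc.RootElement.TryGetProperty("sub", out var sub) ? sub.GetString() : null;
    }

    static void Main()
    {
        // Constructed sample token: placeholder signature, made-up user ID.
        string jwt = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"RS256\",\"typ\":\"JWT\"}")) + "." +
                     B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"auth0|constructed-user-1\"}")) + ".c2ln";
        string accessToken = ExtractBearer("Bearer " + jwt);
        string userId = ReadSub(accessToken);

        // The credential for /userinfo is the whole token, never the sub value.
        var req = new HttpRequestMessage(HttpMethod.Get, "https://MyDomain.us.auth0.com/userinfo");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        Console.WriteLine("sub (user ID, not a credential): " + userId);
        Console.WriteLine("Authorization scheme: " + req.Headers.Authorization.Scheme);
        Console.WriteLine("token equals sub? " + (accessToken == userId));
    }
}
```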
