Getting unauthorized response when trying to use impersonation API

Hi There,

I’m trying to get up and running with the impersonation API; however, I’m having issues with it returning unauthorized for every single request when I try it.

I’ve tried with curl and also a simple node script (pasted below) using the documentation but still no dice.
Wondering if anyone else has come across this and how they resolved it. I’ve had impersonation enabled on the tenant so it can’t be that.

Thanks in advance,

Mark

const request = require('request');

// Placeholders (MY_DOMAIN, USER_ID, MANAGEMENT_TOKEN, IMPERSONATOR_ID, CLIENT_ID)
// stand in for the real tenant values.
const options = {
    method: 'POST',
    url: 'https://MY_DOMAIN.eu.auth0.com/users/USER_ID/impersonate',
    headers: {
        'authorization': 'Bearer MANAGEMENT_TOKEN',
        'content-type': 'application/json',
    },
    body: {
        'protocol': 'oauth2',
        'impersonator_id': 'IMPERSONATOR_ID',
        'client_id': 'CLIENT_ID',
        'additionalParameters': {
            'response_type': 'code',
            'scope': 'openid',
        },
    },
    json: true, // serialize the body as JSON and parse the JSON response
};

request(options, function(error, response, body) {
    // Transport-level failure (DNS, TLS, timeout); `error` is already an Error.
    if (error) throw error;

    console.log(body);
});

Is anyone able to help with this?

Make sure you have the legacy settings enabled and you are using the Global Client ID/Secret, NOT the Client Id and Client secret for a Client you’ve created. You can find the Global Client ID and Global Client Secret here: https://manage.auth0.com/#/account/advanced

Hi Benm,

I’ve updated the request for getting the management token to use the global client id and password but instead I am getting the following response: { error: 'access_denied', error_description: 'Client is not authorized to access "https://transpoco-auth.eu.auth0.com/api/v2/". You might probably want to create a "client-grant" associated to this API. See: https://auth0.com/docs/api/v2#!/Client_Grants/post_client_grants' }

Sorted now. It was a combination of this and having the audience set to the V2, which was throwing it off; I removed the audience claim and used the global credentials and it worked.

Had a call with @abhishek.hingnikar where we discovered that was what was causing the issue.

Hi Mark,
Can you share the exact error you are receiving? I believe that you are redacting the values in the payload; would it be possible to share an example of the complete payload (except the Management Token)? And the claims, by decoding the Management API token in http://jwt.io/
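
Added example, not part of the thread and not Auth0's code: the claim check asked for above can be done locally in Node, so the Management API token is never pasted into a website. It decodes the token without verifying the signature and flags the two causes raised in this thread, an expired token and an audience set to the Management API v2; the function names and the sample token are constructed for illustration.

```javascript
// Diagnostic only: decodes claims WITHOUT verifying the signature, so never
// use the result for an authorization decision.
const API_V2_SUFFIX = '/api/v2/'; // audience path seen in the thread's error text

function decodeSegment(segment) {
  // JWT segments are unpadded base64url-encoded JSON.
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

function inspectToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWT: expected 3 dot-separated segments');
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  // "aud" may be absent, a single string, or an array of strings.
  const audiences = [].concat(claims.aud ?? []);
  const scopes = typeof claims.scope === 'string'
    ? claims.scope.split(' ').filter(Boolean)
    : [];
  const findings = [];
  if (typeof claims.exp !== 'number') {
    findings.push('no exp claim');
  } else if (claims.exp <= nowSeconds) {
    findings.push(`expired ${nowSeconds - claims.exp}s ago`);
  }
  if (audiences.some((a) => String(a).endsWith(API_V2_SUFFIX))) {
    // Per the thread, the working token was requested without this audience.
    findings.push('aud is the Management API v2');
  }
  return { alg: header.alg, iss: claims.iss, audiences, scopes, findings };
}

// Constructed sample token (fake signature, placeholder tenant) for an offline run.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const sample = makeSampleToken({
  iss: 'https://example-tenant.invalid/',
  aud: 'https://example-tenant.invalid/api/v2/',
  exp: 1000,
  scope: 'read:users update:users',
});
console.log(inspectToken(sample, 1060));
```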

Hi There, the exact error that I get is:
“Unauthorized”

I am unable to provide any other details for the payload however I know that the details being used in the payload are correct as this is not the first time I’ve used the Auth0 API, all our calls to Auth0 are over the API and not with the SDK.

This is weird. I believe impersonation might be disabled on your account; I’ll go ahead and check that and get back to you ASAP.

Impersonation is enabled. I believe the error is being caused either by a wrong / obsolete token or by a wrong client_id or client_secret. Can we hop on a call to debug this? I’ll DM you the details on Twitter.

Thanks Abhishek. I’ve checked all credentials and everything seems correct. I’ve updated my test script to pull a fresh management token; however, I’m still getting the same.
Would appreciate having a call, I look forward to getting the details from you so we can resolve this.

Mark

I tweeted you from _mathdotrandom. Can we move the convo to DM for the meeting details and add our learnings here?