I have a backend api(node.js) integrated with auth0 and is able to verify tokens. I want to be able to make a post request to auth0 from clientside with username and password, and auth0 returns a token i can use to call api. I can only do this with the client_id, and not the user credentials why is this? how do i do this
Welcome to the forum @spotbackteam. With embedded authentication flows, it is possible to POST username and password to receive tokens. We highly recommend redirect based flows (like Authorization Code Grant
) over embedded flows (like Resource Owner Password Grant
).
Here is a sample ROPG request:
curl --request POST
–url ‘https://YOUR_DOMAIN/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=password
–data username=user@example.com
–data password=pwd
–data audience=YOUR_API_IDENTIFIER
–data scope=read:sample
–data ‘client_id=YOUR_CLIENT_ID’
–data client_secret=YOUR_CLIENT_SECRET
Call Your API Using Resource Owner Password Flow
1 Like
Thanks for sharing that knowledge with the rest of community Jatin!