I have a backend api(node.js) integrated with auth0 and is able to verify tokens. I want to be able to make a post request to auth0 from clientside with username and password, and auth0 returns a token i can use to call api. I can only do this with the client_id, and not the user credentials why is this? how do i do this
Welcome to the forum @spotbackteam. With embedded authentication flows, it is possible to POST username and password to receive tokens. We highly recommend redirect based flows (like Authorization Code Grant) over embedded flows (like Resource Owner Password Grant).
Here is a sample ROPG request:
curl --request POST
–url ‘https://YOUR_DOMAIN/oauth/token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=password
–data username=user@example.com
–data password=pwd
–data audience=YOUR_API_IDENTIFIER
–data scope=read:sample
–data ‘client_id=YOUR_CLIENT_ID’
–data client_secret=YOUR_CLIENT_SECRET
Call Your API Using Resource Owner Password Flow
1 Like
Thanks for sharing that knowledge with the rest of community Jatin!