Hi folks, I have two database connections (one is the default ‘Username-Password-Authentication’ and the other is ‘admin-database’) for two sets of users. I have created two different applications “A1” and “A2” (both are of the type “Regular Web Application”) to authenticate them. This is all under one tenant.
“A1” has access to “Username-Password-Authentication” only and “A2” has access to “admin-database” only.
When I use the “signup” API from A2 and create a user in “admin-database”, the user is created.
But when I use the “/oauth/token” API to get an access token, it gives the following error –
{"error":"invalid_grant","error_description":"Wrong email or password."}
Can someone help me understand why?
Hi @junaid ,
Welcome to the Auth0 Community!
For users created by the “signup” API, they are in the pending status. Could you please verify the user and then try again?
BTW, I tested with POST /oauth/token endpoint for the “Regular Web Application” and received the access token.
If the error persists, please share the body scripts with me and I will look into this further. Thanks.
Hi, thanks for the reply. I am using “grant_type” as “password”. Below is my request body –
{
"username": "*email goes here as it's the username*",
"password": "*password goes here*",
"grant_type":"password",
"audience":"*audience goes here*",
"scope" : "openid",
"client_id": "*client ID goes here*",
"client_secret":"*client secret goes here*"
}
I marked the email as verified from the Auth0 dashboard. Still getting the below response –
{
"error": "invalid_grant",
"error_description": "Wrong email or password."
}
I have also attached the snapshot of the database connections which have been enabled.
If I disable the “Username-Password-Authentication” connection, the API throws an error that it has been disabled.
If I enable it, then I get the “invalid_grant” error as shown above.
Please advise.
Hi Lihua! I was able to solve this issue on my own.
All I had to do was add Realm support to the API call.
The grant_type should be http://auth0.com/oauth/grant-type/password-realm and the realm value should be set to the respective database connection, which is admin-database.
Below is the complete body for the /oauth/token –
{
"username": "fill in the username value here. In my case, it is the email",
"password": "fill in the password here",
"grant_type": "http://auth0.com/oauth/grant-type/password-realm",
"audience": "fill in the `audience` value here",
"scope": "openid",
"client_id": "fill in the `client_id` value here",
"client_secret": "fill in the `client_secret` value here",
"realm": "admin-database"
}
The response gave me the access_token and id_token correctly.
No need to verify the email of the newly-created user.
Thanks for taking the time and replying to my query!
@junaid ,
Thank you for sharing your solution with our Community!
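The request from the accepted solution as a small client, added here as an example and not code posted by anyone in the thread: it switches to the password-realm grant when a connection name is given and surfaces the `invalid_grant` body instead of a bare HTTP error. The environment variable names and the helper names are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

REALM_GRANT = "http://auth0.com/oauth/grant-type/password-realm"


def build_token_request(domain, client_id, client_secret, username, password,
                        audience, realm=None, scope="openid"):
    """Build the POST /oauth/token request; a realm names the connection."""
    body = {
        "grant_type": REALM_GRANT if realm else "password",
        "username": username,
        "password": password,
        "audience": audience,
        "scope": scope,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if realm:
        body["realm"] = realm  # database connection name, e.g. admin-database
    return urllib.request.Request(
        f"https://{domain}/oauth/token", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")


def parse_token_response(status, raw):
    """Return (tokens, None) on success, (None, "error: description") otherwise."""
    payload = json.loads(raw)
    if status == 200 and "access_token" in payload:
        return payload, None
    return None, f"{payload.get('error')}: {payload.get('error_description')}"


def request_token(req):
    """Send the request; error bodies from the endpoint arrive via HTTPError."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return parse_token_response(exc.code, exc.read())


if __name__ == "__main__":
    env = os.environ  # assumed variable names; keeps the secret out of source
    req = build_token_request(
        env["AUTH0_DOMAIN"], env["AUTH0_CLIENT_ID"], env["AUTH0_CLIENT_SECRET"],
        env["AUTH0_USERNAME"], env["AUTH0_PASSWORD"], env["AUTH0_AUDIENCE"],
        realm="admin-database")
    tokens, err = request_token(req)
    print(err or sorted(tokens))  # print token field names only, never values
```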