How can prerequisite postman script get access token from Auth0?

I have tried running a Postman prerequisite script to get an access token from my own API but I am not able to get it. Is my request correct? Am I missing some parameters?

This is the request I’m trying to pass:

  url: 'https://[my name].au.auth0.com/oauth/token',
  method: 'POST',
  header: 'Content-Type:application/json',
  body: {
    mode: 'application/json',
    raw: JSON.stringify({
      redirect_uri: 'https://www.getpostman.com/oauth2/callback',
      scope: 'api',
      client_id: '[my client id]',
      grant_type: 'implicit'
    })
  }

Hi @mark.d.d.magumcia,

Welcome to the Community!

I believe you are missing some required parameters, i.e. client_secret. Please see the following documentation for more details:
https://auth0.com/docs/api/authentication#authorization-code-flow

Let us know if it helps.

2 Likes

Hi @mark.d.d.magumcia,

What’s the error message that Postman is giving you? It should give an error description in the response.

You should probably get something like:

{
    "error": "unsupported_grant_type",
    "error_description": "Unsupported grant type: implicit"
}

Can you confirm which grant type you want to use and that you really want to use the Implicit flow? Asking because if it’s the case, you should call the /authorize endpoint instead of /token.

See Authentication API Explorer

(The /token endpoint would require a code which you don’t have with the Implicit flow.)

However, we discourage the usage of Implicit. See the notes on Implicit Flow with Form Post

As @rashid779939 pointed out, depending on the grant type you want to use, either the endpoint URL is wrong, or a parameter is missing (depending on the grant type; for the Implicit flow, a client_secret isn’t needed, however, the request isn’t right in terms of grant type and called URL). Best to look at the API explorer.

Your Postman request is just for dev or test purposes to play around with an access token against your API? Depending on the purpose, note that you can also consider using the Test tab in the Dashboard under each API.
It shows you the straight POST request with all details; that’s following the Client Credentials Grant (M2M scenario) though. As said, depending on the purpose of you fetching the token, it might be a way for you as well.

1 Like

Thanks Rashid! I have read the documents and considered changing my way on how to get an access token.

2 Likes

Hi Mathias,

Thanks for this and Yes! I did receive an unsupported grant type. I have considered changing my prerequisite script. I’ll be using an Authorisation_code flow. This is the flow that I’m going to do:

  1. GET from /authorize endpoint of my web app to get the value of ‘code’ for my next step
  2. Do the POST for Authorization Code flow

My new problem, on my 1st step, I’m having an error “Invalid Parameter: client_id must be a string”

Here is a sample of my Postman script. Am I missing something?

pm.sendRequest({
  url: 'https://[myqasite].au.auth0.com/authorize',
  method: 'GET',
  header: 'Content-Type:application/json',
  body: {
    mode: 'application/json',
    raw: JSON.stringify({
      scope: 'api',
      response_type: 'code',
      client_id: '[myclientid]',
      audience: 'https://[myaudience].com.au',
      redirect_uri: 'https://www.getpostman.com/oauth2/callback'
    })
  }
});

It’s a GET request but you’re putting the params in the request body, like in a POST request, while it should be just simple query parameters.


Note that there are Auth0 Postman collections out there, I think that’ll be the easiest to get started in Postman.

https://auth0.com/docs/api/authentication#code-samples

You can test the endpoints using either the Authentication API Debugger or our preconfigured Postman collection. For some endpoints, both options are available.

2 Likes
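The two steps discussed above (query parameters on the GET to /authorize, then a POST to /oauth/token with the returned code), as an added example that is not part of the original thread. The tenant URL and all parameter values are constructed placeholders, and `lintRequest` is a hypothetical helper that flags the two mistakes raised in the replies.

```javascript
// Added example; TENANT is a constructed placeholder, not a real Auth0 tenant.
const TENANT = 'https://example-tenant.au.auth0.com';

// Step 1: /authorize is a GET, so every parameter goes in the query string.
function buildAuthorizeUrl(p) {
  const qs = new URLSearchParams({
    response_type: 'code',
    client_id: p.clientId,
    redirect_uri: p.redirectUri,
    scope: p.scope,
    audience: p.audience,
    state: p.state, // opaque value echoed back; compare it on the callback
  });
  return `${TENANT}/authorize?${qs.toString()}`;
}

// Step 2: /oauth/token is a POST whose body carries the code from step 1.
// In Postman, read clientSecret from pm.environment.get(...) rather than
// hard-coding it, then call pm.sendRequest(buildTokenRequest({...}), callback).
function buildTokenRequest(p) {
  return {
    url: `${TENANT}/oauth/token`,
    method: 'POST',
    header: { 'Content-Type': 'application/json' },
    body: {
      mode: 'raw',
      raw: JSON.stringify({
        grant_type: 'authorization_code',
        client_id: p.clientId,
        client_secret: p.clientSecret,
        code: p.code,
        redirect_uri: p.redirectUri,
      }),
    },
  };
}

// Hypothetical check for the two mistakes discussed in the thread.
function lintRequest(req) {
  const problems = [];
  const path = new URL(req.url).pathname;
  const body = req.body && req.body.raw ? JSON.parse(req.body.raw) : null;
  if (req.method === 'GET' && body) problems.push('GET with parameters in body');
  if (path === '/oauth/token' && body && body.grant_type === 'implicit') {
    problems.push('implicit grant sent to /oauth/token');
  }
  return problems;
}
```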

Thanks Mathias! Now I understand. Will definitely look at those Postman collections.

1 Like
