My tenant contains the default Auth0 Management API and a custom API. Using the .NET SDK, I want to create a new MachineToMachine client for the custom API.
I first want to create a token that will allow me to create a new client. I believe I need to use code similar to the following:
```csharp
using RestSharp;

// Request an access token from the tenant's token endpoint using the client credentials grant.
var restClient = new RestClient("https://[MY_TENANT].us.auth0.com");
var request = new RestRequest("oauth/token", Method.Post);
request.AddHeader("content-type", "application/json");
// JSON body: the calling client's credentials plus the audience (API identifier) the token is for.
request.AddParameter("application/json", "{\"client_id\":\"[CLIENT_ID]\",\"client_secret\":\"[CLIENT_SECRET]\",\"audience\":\"[AUTH0_MANAGEMENT_API_AUDIENCE]\",\"grant_type\":\"client_credentials\"}", ParameterType.RequestBody);
RestResponse response = restClient.Execute(request);
```
Questions:
- What values should I use for CLIENT_ID and CLIENT_SECRET?
- Do I need to manually create a “master” client to obtain the id and secret?
- If I need to manually create a master client, to which API do I authorize this: the Auth0 Management API or the custom API?
- What should I be using for the Audience value: the one for the Auth0 Management API or for the custom API?
I have tried manually creating a master client; however, if I specify the audience as [AUTH0_MANAGEMENT_API_AUDIENCE], the token that gets generated fails with an “invalid token” error. If I specify the audience as [MY_CUSTOM_API_AUDIENCE], it fails with a “bad audience” error.
The generated token looks something like this:
```json
{
  "iss": "https://[MY_TENANT].us.auth0.com/",
  "sub": "[CLIENT_ID]@clients",
  "aud": "[AUDIENCE]",
  "iat": 1711472848,
  "exp": 1711559248,
  "gty": "client-credentials",
  "azp": "[CLIENT_ID]"
}
```
What is wrong with the generated token? How can I create a valid token that will allow me to call apiClient.Clients.CreateAsync(clientRequest)?
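An added example, not part of the original post or of the Auth0 SDK: a pre-flight check that decodes an access token's payload and reports whether `aud` matches the API being called and whether `scope` carries the permission the call needs. It assumes the Management API audience has the form `https://{tenant}/api/v2/` and that creating a client requires the `create:clients` scope; `TokenPreflight`, the tenant name and the sample token are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

static class TokenPreflight
{
    // Decodes the payload of a compact JWT WITHOUT verifying the signature (diagnostic use only).
    static JsonElement DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');          // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');  // restore stripped padding
        using var doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    // Returns a list of problems; an empty list means aud and scope look right for the call.
    public static List<string> Check(string jwt, string expectedAudience, string requiredScope)
    {
        var payload = DecodePayload(jwt);
        var problems = new List<string>();
        // "aud" may be a single string or an array of strings.
        var audiences = !payload.TryGetProperty("aud", out var aud) ? new List<string>()
            : aud.ValueKind == JsonValueKind.Array
                ? aud.EnumerateArray().Select(a => a.GetString() ?? "").ToList()
                : new List<string> { aud.ToString() };
        if (!audiences.Contains(expectedAudience))
            problems.Add($"aud is [{string.Join(", ", audiences)}], expected {expectedAudience}");
        // "scope" is a space-delimited string; treat a missing claim as no scopes.
        var scopes = payload.TryGetProperty("scope", out var s) && s.ValueKind == JsonValueKind.String
            ? (s.GetString() ?? "").Split(' ', StringSplitOptions.RemoveEmptyEntries)
            : Array.Empty<string>();
        if (!scopes.Contains(requiredScope))
            problems.Add($"scope does not include {requiredScope}");
        return problems;
    }

    static void Main()
    {
        // Constructed sample with the same claim set as the token in the post (placeholder values).
        const string audience = "https://example-tenant.us.auth0.com/api/v2/";
        var payloadJson = "{\"iss\":\"https://example-tenant.us.auth0.com/\",\"sub\":\"abc@clients\",\"aud\":\"" + audience + "\",\"gty\":\"client-credentials\",\"azp\":\"abc\"}";
        var b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(payloadJson)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        foreach (var p in Check("e30." + b64 + ".sig", audience, "create:clients")) Console.WriteLine(p);
    }
}
```

The check only inspects claims; signature and expiry validation remain the job of the API that receives the token.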