
How to call userinfo endpoint with API client credentials


#1

I’ve created an API client for testing and get a token like this (nodejs):

let response = await request.post('https://[app].auth0.com/oauth/token').send({
  client_id: process.env.IT_CLIENT,
  client_secret: process.env.IT_SECRET,
  audience: 'https://[app]/',
  grant_type: 'client_credentials'
})
token = response.body.access_token

However, when I call https://[app].auth0.com/userinfo with this token I get a 401 with a ‘Bad audience’ message. How can I specify multiple audiences in the request?


#2

In that situation, even though the error you’re currently experiencing is related to an invalid audience, the main issue is the fact that in a client credentials grant there is no notion of an end-user and as such the /userinfo endpoint is not applicable.

In that flow the client application is requesting an access token to access resources directly associated with the client application itself or that, even though associated with end-users, can be accessed directly by properly authorized client applications.

If the call needs to be associated with an end-user then you need to be using an end-user based flow.
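
The following is an added example, not part of the original posts and not Auth0's own code: a diagnostic that inspects an access token's claims and reports why /userinfo would not apply to it. It assumes the access token is a JWT, that client-credentials tokens carry `gty: "client-credentials"` and a subject ending in `@clients`, and that /userinfo expects the audience `<issuer>userinfo` plus the `openid` scope; the tenant URL and both tokens are constructed samples.

```javascript
// Diagnostic only: the payload is decoded WITHOUT verifying the signature,
// so the result must never be used for an authorization decision.
function decodePayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Returns { ok, reasons } describing whether /userinfo applies to the token.
function userinfoApplicable(jwt) {
  const claims = decodePayload(jwt);
  const reasons = [];
  const aud = [].concat(claims.aud || []);            // aud may be string or array
  const scopes = String(claims.scope || '').split(' ').filter(Boolean);
  const userinfoAud = String(claims.iss || '') + 'userinfo';

  // Assumed markers of a client-credentials (machine-to-machine) token.
  if (claims.gty === 'client-credentials' || /@clients$/.test(claims.sub || '')) {
    reasons.push('token was issued to a client application, not an end-user');
  }
  if (!aud.includes(userinfoAud)) {
    reasons.push('audience does not include ' + userinfoAud);
  }
  if (!scopes.includes('openid')) {
    reasons.push('scope does not include openid');
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample tokens (placeholder signature, hypothetical tenant).
function sampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'sig'].join('.');
}
const ISS = 'https://tenant.example/';
const m2mToken = sampleJwt({
  iss: ISS, sub: 'abc123@clients', aud: 'https://api.example/',
  gty: 'client-credentials',
});
const userToken = sampleJwt({
  iss: ISS, sub: 'auth0|user1', aud: ['https://api.example/', ISS + 'userinfo'],
  scope: 'openid profile',
});

console.log(userinfoApplicable(m2mToken));
console.log(userinfoApplicable(userToken));
```
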


#3