Implement the Resource Owner Password Grant

matw · June 29, 2020, 4:50pm

Hi, I have tried to follow the guide for a Resource Owner Password Grant but i get Unauthorized.

curl --request POST
–url ‘edited oauth token’
–header ‘content-type: application/x-www-form-urlencoded’
–data grant_type=password
–data username=hello@hello.com
–data password=password
–data ‘audience=1.0.7-D1 USER API’
–data scope=read:sample
–data ‘client_id=5jvrnCg5FHWSEFYjtmcMiL0JjaGAgP4t’
–data ‘client_secret=xxx’
{“error”:“access_denied”,“error_description”:“Unauthorized”}

I think ive followed everything from /docs/api-auth/tutorials/password-grant accurately, ive even tried on a fresh account.

Logs show
{
“date”: “2020-06-29T16:08:58.619Z”,
“type”: “fepft”,
“description”: “Unauthorized”,
“connection_id”: “”,
“client_id”: “5jvrnCg5FHWSEFYjtmcMiL0JjaGAgP4t”,
“client_name”: null,
“ip”: “194.143.166.250”,
“client_ip”: “194.143.166.250”,
“user_agent”: “curl 7.70.0 / Other 0.0.0”,
“hostname”: “dev-q8oydoww.eu.auth0.com”,
“user_id”: “”,
“user_name”: “user@hello.com”,
“audience”: “1.0.7-ESCDIP-474 USER API”,
“scope”: “read:sample”,
“log_id”: “90020200629160858882000460769530734477886991180924715026”,
“_id”: “90020200629160858882000460769530734477886991180924715026”,
“isMobile”: false
}

Any tips appreciated,
thanks.

ps the reason i want to use this flow is so that i can get token with claims in a simple fashion for nightly test process.

john.gateley · June 30, 2020, 2:32pm

Hey, two things:

You probably want M2M (client credentials) instead of ROPG for a nightly test process.
Check the tenant logs for more details on the error.

John

matw · June 30, 2020, 3:10pm

thanks for response, turns out to be developer error here. i had the client id from my usual account not the one from this fresh account i used to isolate the application for this ticket.