Insufficient scope error on Rails API

Greetings all,

I’m working on getting Auth0 to work for both user authentication in my Angular SPA which uses a Rails API backend. The Angular QuickStart seems to have worked as I’m able to login/logout of my app as expected.

I completed the Rails API QuickStart but I’m getting the following errors when I attempt to test the endpoint as indicated in the Quickstart or use the id_token obtained by logging into my Angular app in curl to verify that everything is working as expected:

Quickstart curl test output:

{"error":"unauthorized_client","error_description":"
Grant type 'client_credentials' not allowed for the client.",
"error_uri":"https://auth0.com/docs/clients/client-grant-types"}
~/wdi/frinkiac-7/flightlog-api (auth)

Rails server output:

Started GET "/examples" for ::1 at 2020-03-15 08:57:51 -0400
Processing by ExamplesController#index as */*
Filter chain halted as :authenticate_request! rendered or redirected
Completed 403 Forbidden in 482ms (Views: 0.2ms | ActiveRecord: 0.0ms)

Curl command response:

{"errors":["Insufficient scope"]}~/wdi/frinkiac-7/flightlog-api (auth)

In the spirit of full disclosure, I’ve read a lot of the documentation but I’d be lying if I said I understood it to the extent that I should have. As such, my apologies in advance if the answer is available elsewhere.

Thanks in advance for any help you can provide.

Rob

Hi!

Thanks for so clearly detailing that.

For the application, do you have the client credentials grant enabled? Keep in mind this is a grant which only your backend application can use to call another back end application. You cannot use it to call your backend from your frontend, as there is no way to secure the client secret in the front end: https://auth0.com/docs/api-auth/tutorials/client-credentials