Invalid grant for user signup

shola.agunbiade · June 22, 2023, 3:17pm

{“error”:“invalid_grant”,“error_description”:“Wrong email or password.”}

I’m testing new user signups and facing the error above when testing a new user signup which sends a POST request with the payload below. The issue seems to be environment related as exact same request and payload works fine in another environment under the same auth0 account. What could cause this error?

{
“client_id”: “",
“username”: "”,
“password”: “",
“realm”: "”,
“grant_type”: “http://auth0.com/oauth/grant-type/password-realm”,
“scope”: “openid email profile”,
“audience”: “",
“redirect_uri”: "”
}

rueben.tiow · June 23, 2023, 12:47am

Hi @shola.agunbiade,

Welcome to the Auth0 Community!

To better understand the issue, could you please share the exact steps and code you performed so far?

At the moment, I do not have context of where the POST request is going to.

I look forward to your udpate.

Thanks,
Rueben

rueben.tiow · June 23, 2023, 4:08pm

Hi @shola.agunbiade,

I have an update!

The “Wrong email or password” error description is stating that the issue is coming from either a wrong email or password. (Reference: Invalid_grant error code received instead of documented error codes - #7 by thomas.osborn)

Because of this, I decided to test the Password-realm grant type on my end. In my tests, I could successfully get an access token with the following code:

const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
  'grant_type': 'http://auth0.com/oauth/grant-type/password-realm',
  'client_id': 'YOUR_CLIENT_ID',
  'client_secret': 'YOUR_CLIENT_SECRET',
  'audience': 'YOUR_AUDIENCE',
  'username': 'YOUR_EMAIL_ADDRESS',
  'password': 'YOUR_PASSWORD',
  'scope': 'openid email profile',
  'realm': 'Username-Password-Authentication' 
});

let config = {
  method: 'post',
  url: 'https://YOUR_DOMAIN.REGION.auth0.com/oauth/token',
  headers: { 
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  data : data
};

axios.request(config)
.then((response) => {
  console.log(JSON.stringify(response.data));
})
.catch((error) => {
  console.log(error);
});

Then, the only way I could reproduce the"Wrong email or password" error is if I passed in an incorrect email address or password.

Given that, could you please make sure you are passing the correct email address and password values in the request?

After doing so, you should be able to make the request using the Password-realm grant.

Please let me know how this goes for you.

Thanks,
Rueben

shola.agunbiade · June 23, 2023, 4:49pm

Hi @rueben.tiow, thanks for following up. In my case I’m testing new user signup so email and password are provided for the first time at this stage.

I’ll follow up and this point of the documentation “or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request”. Perhaps is issue is with the redirection.

rueben.tiow · June 26, 2023, 4:47pm

Hi @shola.agunbiade,

Thank you for your reply.

Would you be able to help me capture a HAR file of your login events and share them with me via direct messages to investigate the issue further?

Thanks,
Rueben

system · July 10, 2023, 4:47pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.