Invalid grant for user signup

{“error”:“invalid_grant”,“error_description”:“Wrong email or password.”}

I’m testing new user signups and facing the error above when testing a new user signup which sends a POST request with the payload below. The issue seems to be environment related as exact same request and payload works fine in another environment under the same auth0 account. What could cause this error?

“client_id”: “",
“username”: "
“password”: “",
“realm”: "
“grant_type”: “”,
“scope”: “openid email profile”,
“audience”: “",
“redirect_uri”: "


Hi @shola.agunbiade,

Welcome to the Auth0 Community!

To better understand the issue, could you please share the exact steps and code you performed so far?

At the moment, I do not have context of where the POST request is going to.

I look forward to your udpate.


Hi @shola.agunbiade,

I have an update!

The “Wrong email or password” error description is stating that the issue is coming from either a wrong email or password. (Reference: Invalid_grant error code received instead of documented error codes - #7 by thomas.osborn)

Because of this, I decided to test the Password-realm grant type on my end. In my tests, I could successfully get an access token with the following code:

const axios = require('axios');
const qs = require('qs');
let data = qs.stringify({
  'grant_type': '',
  'client_id': 'YOUR_CLIENT_ID',
  'client_secret': 'YOUR_CLIENT_SECRET',
  'audience': 'YOUR_AUDIENCE',
  'username': 'YOUR_EMAIL_ADDRESS',
  'password': 'YOUR_PASSWORD',
  'scope': 'openid email profile',
  'realm': 'Username-Password-Authentication' 

let config = {
  method: 'post',
  url: '',
  headers: { 
    'Content-Type': 'application/x-www-form-urlencoded'
  data : data

.then((response) => {
.catch((error) => {

Then, the only way I could reproduce the"Wrong email or password" error is if I passed in an incorrect email address or password.

Given that, could you please make sure you are passing the correct email address and password values in the request?

After doing so, you should be able to make the request using the Password-realm grant.

Please let me know how this goes for you.


Hi @rueben.tiow, thanks for following up. In my case I’m testing new user signup so email and password are provided for the first time at this stage.

I’ll follow up and this point of the documentation “or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request”. Perhaps is issue is with the redirection.

1 Like

Hi @shola.agunbiade,

Thank you for your reply.

Would you be able to help me capture a HAR file of your login events and share them with me via direct messages to investigate the issue further?


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.