Issue creating Reset Password Ticket

HI

I’m getting a 403 “Insufficient scope, expected any of: create:user_tickets” message when making the call to send a reset password.

The “create:user_tickets” is toggled ON in the API management screen for the account making the call.

Any thoughts on why I’m getting this scope issue if it’s actually set?

Hey @brokerx !

I just responded to your previous topic:

Weird, no…it’s not in the token.

1 Like

Thanks for confirming!

It looks like the token shared is from a different authorized app - The sub claim should be the client_id of your brokerx-secure application. Basically, it looks like you just need to use the brokerx-secure credentials to get an access token as opposed to the application with a client_id beginning in WidyZzQpW....

Ya, looks like it, ugh! I switched it to use the brokerx-secure app ID but now I’m getting:

data: { error: 'access_denied', error_description: 'Unauthorized' }

What I’m sending…

data: ‘{
“grant_type”:“client_credentials”,"
client_id":“8K74v****”, (from brokerx)
“client_secret”:“u36Lc3yopzfYbZJc_", (from brokerx)
“audience”:"https://dev-8hvh45pk
.us.auth0.com/api/v2/”}’

The app is toggled on in the M2M area. Is there another permission I need to set somewhere?

Thanks!

1 Like

That should be it :thinking:

It might be worth checking out the “test” tab of the Management API in your Auth0 dashboard - You should just be able to grab an example access token from there. If that is working then it is most likely a configuration issue with your CURL or however else you may be obtaining tokens.

Hi - got it figured out. Needed to update my secret too… Thanks!

1 Like

Great! Thanks confirming :slight_smile:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.