HI
I’m getting a 403 “Insufficient scope, expected any of: create:user_tickets” message when making the call to send a reset password.
The “create:user_tickets” is toggled ON in the API management screen for the account making the call.
Any thoughts on why I’m getting this scope issue if it’s actually set?
Thanks for confirming!
It looks like the token shared is from a different authorized app - The sub claim should be the client_id of your brokerx-secure application. Basically, it looks like you just need to use the brokerx-secure credentials to get an access token as opposed to the application with a client_id beginning in WidyZzQpW....
Ya, looks like it, ugh! I switched it to use the brokerx-secure app ID but now I’m getting:
data: { error: 'access_denied', error_description: 'Unauthorized' }
What I’m sending…
data: ‘{
“grant_type”:“client_credentials”,"
client_id":“8K74v****”, (from brokerx)
“client_secret”:“u36Lc3yopzfYbZJc_", (from brokerx)
“audience”:"https://dev-8hvh45pk.us.auth0.com/api/v2/”}’
The app is toggled on in the M2M area. Is there another permission I need to set somewhere?
Thanks!
That should be it 
It might be worth checking out the “test” tab of the Management API in your Auth0 dashboard - You should just be able to grab an example access token from there. If that is working then it is most likely a configuration issue with your CURL or however else you may be obtaining tokens.
Hi - got it figured out. Needed to update my secret too… Thanks!
Great! Thanks confirming 
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
