Machine to Machine: Connection must be enabled for this client to perform single user creation and signup operations

I created a database connection to add new users using the ManagementClient from Auth0.

When I tried using this connection with my “Machine to Machine” application (API Explorer Application), I received the following error:

Connection must be enabled for this client to perform single user creation and signup operations.

I checked the app in my Dashboard and noticed there is no “Connection” tab for “Machine to Machine” applications. So, I clicked on a “Regular Web Application” where I found a “Connection” tab. I enabled my database there and continued using the Client ID and Client Secret of this application with the ManagementClient.

However, I encountered this error:

Client is not authorized to access “https://auth-sp-staging.eu.auth0.com/api/v2/”. You need to create a “client-grant” associated to this API. See: Auth0 Management API v2.

To resolve this, I opened “Applications - APIs” and selected the “Auth0 Management API” (System API). Then, I went to the “Machine to Machine Applications” tab and authorized my regular web application.

After saving, I tried running my code again but now it shows this error:

Invalid token.

Is there something wrong with my code?

import 'dotenv-defaults/config.js';
import {ManagementClient} from 'auth0';

const management = new ManagementClient({
  clientId: process.env.AUTH0_CLIENT_ID + '',
  clientSecret: process.env.AUTH0_CLIENT_SECRET + '',
  domain: process.env.AUTH0_DOMAIN + '',
});

await management.users.create({
  email: 'some@email.com',
  password: 'this-is-not-empty',
  connection: 'Email-Password-Authentication',
});

Best,
Benny

Hi @b.neugebauer,

I have reviewed your code and checked your tenant settings. Everything looks good, and I confirmed that your API Explorer Application has the Email-Password-Authentication database connection enabled. I have even tested your code on my end and managed to create a new user.

If you suspect an issue with your token, I recommend printing and decoding the access token when you run your code.

For example:

  const token = await management.getAccessToken();
  console.log(token)

And then, you can use jwt.io or any JWT library to decode the token.

Let me know if you need more help.

Cheers,
Rueben

Thanks for testing!

Running the code works when I use the credentials of the “API Explorer Application” (connected via “Authentication” → “Database” → “Applications”).

However, when I use the client ID and client secret of a regular web application, I receive an “Invalid token” error.

Is there a difference between a “Machine to Machine” application and a “Regular Web Application”? The only difference I see so far is that “Machine to Machine” apps don’t have a “Connections” tab, whereas regular web apps do.

Hi @b.neugebauer,

Thanks for the follow-up.

Yes, it is true that the M2M apps’ settings do not display a connections tab. The way to get around this is to go to your Connection settings and enable the application there.

Now, regarding the invalid token error, have you had a chance to decode the token to verify that the audience and scopes reference your Management API with all of the required permissions?

In the client credentials flow, which is non-interactive, the system must authenticate and authorize the application instead of a user.
(Reference: Client Credentials Flow)
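
Added example, not part of the thread and not Auth0's code: a local check of the token returned by `management.getAccessToken()`, decoding its payload and testing the audience, scopes and expiry that Rueben asks about. The tenant domain and sample tokens are constructed placeholders, and `create:users` is assumed to be the permission needed for `users.create`.

```javascript
// Decode the payload segment of a compact JWT. No signature check: debugging aid only.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated JWT segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return a list of problems; an empty list means audience, scopes and expiry look right.
function checkManagementToken(token, domain, requiredScopes, nowSeconds) {
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  const claims = decodeJwtPayload(token);
  const problems = [];
  const expectedAud = `https://${domain}/api/v2/`;
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAud)) problems.push(`aud does not include ${expectedAud}`);
  // Scopes arrive as one space-separated string; a grant with no permissions has none.
  const granted = new Set(String(claims.scope || '').split(/\s+/).filter(Boolean));
  for (const scope of requiredScopes) {
    if (!granted.has(scope)) problems.push(`missing scope ${scope}`);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= now) problems.push('expired or no exp claim');
  return problems;
}

// Constructed, unsigned sample tokens for a placeholder tenant (not real credentials).
const SAMPLE_DOMAIN = 'example-tenant.eu.auth0.com';
const SAMPLE_NOW = 1700000000;
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}

const sampleAud = `https://${SAMPLE_DOMAIN}/api/v2/`;
const goodToken = makeSampleToken({ aud: sampleAud, scope: 'read:users create:users', exp: SAMPLE_NOW + 3600 });
// Client authorized for the API but with no permissions selected: no scope claim at all.
const noScopeToken = makeSampleToken({ aud: sampleAud, exp: SAMPLE_NOW + 3600 });

console.log(checkManagementToken(goodToken, SAMPLE_DOMAIN, ['create:users'], SAMPLE_NOW));
console.log(checkManagementToken(noScopeToken, SAMPLE_DOMAIN, ['create:users'], SAMPLE_NOW));
```

With a real token, pass the value from `management.getAccessToken()` and your own tenant domain, and omit the last argument so the current time is used.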