Management API get token throws "User is not authorized to the audience for those scopes"

I have to call the Management API from one of our services. The first question is, can we use password grant to get tokens for Management API?
Though I have been successful in authenticating and getting a token back for the Management API using password credentials, I have used the client id and client secret from a regular Web Application and not an M2M account. But when I try to get the access token with the “read:users” scope using a username/password and client id/secret from the Web App, it throws "User is not authorized to the audience for those scopes".
I am not sure why that is. In the dashboard I can see that the Management API has the necessary access to the Web App and scopes under that.

Hello @shahzad.adil!

You can use password grant to get tokens for the Management API ONLY from a highly-trusted application that cannot do redirects.

About:

Have you tried configuring the Application to be able to access the Management API scopes?

If you haven’t, you can try going to your Dashboard > APIs > Select the Management API > Machine to Machine Applications > look for the desired application and turn the toggle on > you will be able to select the needed scopes and update it.

Thank you!

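One way to check which audience and scopes a token that was issued actually carries, as an added example that is not part of the original thread or Auth0's own code. The tenant URL, the helper names and the sample token are constructed placeholders, and the payload is decoded without signature verification, so this is for diagnosis only.

```python
import base64
import json

# Placeholder tenant; substitute your own Management API identifier.
MGMT_AUDIENCE = "https://example-tenant.auth0.com/api/v2/"


def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        # Opaque or encrypted access tokens cannot be inspected this way.
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token: str, audience: str, required_scopes: list) -> dict:
    """Report whether the token targets `audience` and which scopes are absent."""
    claims = decode_claims(token)
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)  # aud may be str or list
    granted = set(claims.get("scope", "").split())  # scope is space-delimited
    return {
        "audience_ok": audience in audiences,
        "missing_scopes": sorted(set(required_scopes) - granted),
    }


def _make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample: a token issued for the right audience but without read:users.
SAMPLE_TOKEN = _make_sample({
    "aud": [MGMT_AUDIENCE, "https://example-tenant.auth0.com/userinfo"],
    "scope": "openid profile",
})

if __name__ == "__main__":
    print(check_token(SAMPLE_TOKEN, MGMT_AUDIENCE, ["read:users"]))
```
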

Hey @karen.bermudez,
As stated above, I am able to get a token. And the Application is also authorized to access the API with all the necessary scopes.

But I am still facing this issue.

And how does Auth0 detect that the app is a highly-trusted application?

Hello!

Could you please send me a screenshot of your authorized application?

Thanks in advance!

@karen.bermudez Please find the screenshots below showing the UI App and the API with access to the app