NextJS and Auth0: not being able to get a Management API token

  • Which SDK this is regarding: e.g. auth0-node
  • SDK Version: 1.6.2
  • Platform Version: NextJS 12.0.7

Hey, I am currently building a holiday planner application in NextJS and using Auth0 for secure logins and an external database to store user information.

I am currently building the admin functions of my system to add, delete and modify users. I have been currently using the Management API for this and just copying and pasting the token into my header to do POST requests for creating users.

Since this token expires every 24 hours, I wanted to add in the API to get the new management token. I am really struggling to figure out how to do it. I have been currently using this code in my /api/Admin file:

import axios from "axios"

export default function handler(req, res) {
  // Client-credentials request for a Management API token
  var options = {
    method: 'POST',
    url: 'https://dev-gnwzdh82.eu.auth0.com/oauth/token',
    headers: {'content-type': 'application/x-www-form-urlencoded'},
    data: {
      grant_type: 'client_credentials',
      client_id: 'YOUR_CLIENT_ID',
      client_secret: 'YOUR_CLIENT_SECRET',
      audience: 'https://dev-gnwzdh82.eu.auth0.com/api/v2/'
    }
  };

  // Return the promise and always end the request so the API route does not hang
  return axios.request(options).then(function (response) {
    console.log(response.data);
    // The token is not sent back to the caller
    res.status(200).end();
  }).catch(function (error) {
    console.error(error);
    res.status(500).end();
  });
}


I keep getting access_denied and unauthorized returned.

I am not sure if I haven't set up something correctly in my Auth0 dashboard or if something is wrong with my code. Any help is appreciated, thank you!

1 Like

Hi @abdulrmustapha,

Thanks for reaching out to the Auth0 Community!

I understand that you encountered issues getting a Management API token.

I have inspected your code snippet carefully and noticed that you need to use the application/json content-type rather than the application/x-www-form-urlencoded. See below for clarity:

import axios from "axios"

export default function handler(req, res) {
  // Client-credentials request for a Management API token, sent as JSON
  var options = {
    method: 'POST',
    url: 'https://dev-gnwzdh82.eu.auth0.com/oauth/token',
    headers: {'content-type': 'application/json'},
    data: {
      grant_type: 'client_credentials',
      client_id: 'YOUR_CLIENT_ID',
      client_secret: 'YOUR_CLIENT_SECRET',
      audience: 'https://dev-gnwzdh82.eu.auth0.com/api/v2/'
    }
  };

  // Return the promise and always end the request so the API route does not hang
  return axios.request(options).then(function (response) {
    console.log(response.data);
    // The token is not sent back to the caller
    res.status(200).end();
  }).catch(function (error) {
    console.error(error);
    res.status(500).end();
  });
}

Once that is complete, you can make a request for a Management API token.

Please do reach out if you have any further questions.

Thank you.

1 Like

Thank you Rueben, I managed to get it working!

Out of curiosity, what is the other content-type (application/x-www-form-urlencoded) used for?

Also, if I wanted to just have an API for just adding, deleting and editing users, should I create a separate API in production or is the Management API okay?

Hi @abdulrmustapha,

Glad to hear everything is working!

It is used to represent your data type as URL encoded. In general, the content-type is used to describe the data type you are passing in your request.

In cases where you are posting JSON data like in the Management API it would look like:

{
  "grant_type": "client_credentials",
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "audience": "YOUR_AUDIENCE"
}

Whereas sending data as URL encoded would look like:

grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&audience=YOUR_AUDIENCE

edit: Unfortunately, you will not be able to create and use a separate API to read, create, update, and delete users. Instead, you must use the Management API Token to make these requests correctly. I have tested and confirmed this.

Hope this helps!

Please let me know if there’s anything else I can do to help.

Thank you.

1 Like

Thank you for the clarification, I am very new to the dev space so currently learning new things every day.

One last question, I have now set up my Get Management API function, at what point is it recommended to update the token, and is this something done on the server side when the application is deployed once a day?

1 Like

Hi @abdulrmustapha,

Thank you for your response.

First, I have edited and corrected my first post. You must continue using the Management API to make requests to create, read, update, and delete users.

Additionally, the Management API Token has a default expiration time of 86400 seconds (24 hours).

In this case, you will need to renew your token daily to continue usage. Note that there is an option to increase or reduce the Token Expiration.

To do so, you will need to go to your Auth0 Dashboard > Applications > APIs > Auth0 Management API > Token Settings and modify the Token Expiration (seconds). Don’t forget to hit Save at the bottom of the page.

Please reach out if you have any additional questions.

Thank you.

1 Like
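One way to handle the renewal discussed above on the server side, as an added example that is not part of the original thread or Auth0's own code: cache the token in memory and request a new one shortly before `expires_in` runs out, so the client secret and the token never reach the browser. The names `createTokenCache`, `fetchFn`, `now`, `skewMs` and the `AUTH0_*` environment variables are assumptions made for this sketch, and it goes slightly beyond the thread by sharing one in-flight request between concurrent callers.

```javascript
// Added example: in-memory cache for an Auth0 Management API token.
// Hypothetical names: createTokenCache, fetchFn, now, skewMs, AUTH0_* env vars.
function createTokenCache({ domain, clientId, clientSecret,
                            fetchFn = globalThis.fetch, now = Date.now,
                            skewMs = 60000 }) {
  let cached = null;   // { token, expiresAt } once a token has been fetched
  let inflight = null; // shared promise so concurrent callers send one request

  async function requestToken() {
    const res = await fetchFn(`https://${domain}/oauth/token`, {
      method: 'POST',
      // The body encoding must match this header: JSON here, as in the thread.
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
        audience: `https://${domain}/api/v2/`,
      }),
    });
    // Report only the status; never log the secret or the token.
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const { access_token, expires_in } = await res.json();
    // expires_in is in seconds (86400 by default, per the reply above).
    cached = { token: access_token, expiresAt: now() + expires_in * 1000 };
    return access_token;
  }

  return async function getToken() {
    // Reuse the cached token until skewMs before it expires.
    if (cached && now() < cached.expiresAt - skewMs) return cached.token;
    if (!inflight) {
      inflight = requestToken().finally(() => { inflight = null; });
    }
    return inflight;
  };
}

// Server-side usage inside an API route (values come from the environment):
// const getToken = createTokenCache({
//   domain: process.env.AUTH0_DOMAIN,
//   clientId: process.env.AUTH0_CLIENT_ID,
//   clientSecret: process.env.AUTH0_CLIENT_SECRET,
// });
// const token = await getToken(); // then call the Management API with it
```

Create the cache once at module scope so the token survives across requests handled by the same server process.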

Much appreciated, thank you for your help!

1 Like
