Problem getting access_token from /oauth/token End-Point (Payload)

brokerx · September 20, 2023, 3:32am

Newbie here…

Using Next13 (nextJS) and wrote something that calls the /oauth/token endpoint; I’m trying to obtain an access_token in order to make some subsequent calls once a user is logged in.

I have everything working fine in Postman; get payload back fine and see it.

{
“access_token”: “eyJhbGciOiJSUzI1NiIsInR5cCI6IkpX…”,
“scope”: “read:users update:users delete:users create:users read:users_app_metadata update:users_app_metadata delete:users_app_metadata create:users_app_metadata read:logs_users read:roles create:roles update:roles create:role_members client_credentials”,
“expires_in”: 86400,
“token_type”: “Bearer”
}

When I make the exact same call in the app I get a 200, it works fine, however, I see this as the body:

body: { stream: undefined }

I’m not sure how/where I get the access_token from this payload?

I’m clearly missing something very basic/easy.

Thanks

tyf · September 20, 2023, 5:24pm

Hey @brokerx welcome to the community!

It’s hard to know for sure, but just to clarify, it sounds/looks like you’re trying to get a Management API access token as opposed to a user access token?

brokerx · September 20, 2023, 5:37pm

Hi - correct, Management API access token.

tyf · September 20, 2023, 5:52pm

Gotcha, thanks for clarifying! Are you using a particular library to make the http request? I most often see axios - A function might look like:

const axios = require('axios');

async function getManagementApiToken() {
  const data = {
    client_id: process.env.AUTH0_MANAGEMENT_API_CLIENT_ID,
    client_secret: process.env.AUTH0_MANAGEMENT_API_CLIENT_SECRET,
    audience: process.env.AUTH0_AUDIENCE,
    grant_type: 'client_credentials'
  };

  try {
    const response = await axios.post(`https://${process.env.AUTH0_DOMAIN}/oauth/token`, data);
    return response.data.access_token;
  } catch (error) {
    console.error('Error getting Auth0 Management API Token:', error);
    throw error;
  }
}

brokerx · September 20, 2023, 6:13pm

Cool, ya was just using fetch…

export async function GetAuth0AccessToken() {

const url = `${process.env.AUTH0_ISSUER_BASE_URL}` + "/oauth/token";

const payload = {
    "grant_type" : "client_credentials",
    "client_id" : `${process.env.AUTH0_CLIENT_TOKEN_ID}`,
    "client_secret" : `${process.env.AUTH0_CLIENT_TOKEN_SECRET}`,
    "audience" : `${process.env.AUTH0_CLIENT_AUDIENCE}`
}

const headers = {   
    'content-type' : 'application/json'
}

try {
    const response = await fetch(url, {
      method: 'POST',
      headers,
      body: JSON.stringify(payload),
    });

    if (response.ok) {
      console.log(response)
    } else {
      const errorData = await response.text();
      console.log(errorData)
    }
  } catch (error) {
    console.log('Internal Server Error')
  }

}

Payload I get back:

Response {
[Symbol(realm)]: null,
[Symbol(state)]: {
aborted: false,
rangeRequested: false,
timingAllowPassed: true,
requestIncludesCredentials: true,
type: ‘default’,
status: 200,
timingInfo: {
startTime: 1217396.2971999645,
redirectStartTime: 0,
redirectEndTime: 0,
postRedirectStartTime: 1217396.2971999645,
finalServiceWorkerStartTime: 0,
finalNetworkResponseStartTime: 0,
finalNetworkRequestStartTime: 0,
endTime: 0,
encodedBodySize: 2,
decodedBodySize: 0,
finalConnectionTimingInfo: null
},
cacheState: ‘’,
statusText: ‘OK’,
headersList: HeadersList {
cookies: [Array],
[Symbol(headers map)]: [Map],
[Symbol(headers map sorted)]: null
},
urlList: [ [URL] ],
body: { stream: undefined }
},
[Symbol(headers)]: HeadersList {
cookies: [
‘did=s%3Av0%3Ad9beb930-57e0-11ee-bc39-3903e846145d.GOfR8UnQKK%2FSbYMQPKTHOZqj1X5i%2FLmCY2s%2BcfYcw3U; Max-Age=31557600; Path=/; Expires=Fri, 20 Sep 2024 00:09:33 GMT; HttpOnly; Secure; SameSite=None’,
‘did_compat=s%3Av0%3Ad9beb930-57e0-11ee-bc39-3903e846145d.GOfR8UnQKK%2FSbYMQPKTHOZqj1X5i%2FLmCY2s%2BcfYcw3U; Max-Age=31557600; Path=/; Expires=Fri, 20 Sep 2024 00:09:33 GMT; HttpOnly; Secure’
],
[Symbol(headers map)]: Map(25) {
‘date’ => [Object],
‘content-type’ => [Object],
‘transfer-encoding’ => [Object],
‘connection’ => [Object],
‘cf-ray’ => [Object],
‘cf-cache-status’ => [Object],
‘cache-control’ => [Object],
‘set-cookie’ => [Object],
‘strict-transport-security’ => [Object],
‘vary’ => [Object],
‘ot-baggage-auth0-request-id’ => [Object],
‘ot-tracer-sampled’ => [Object],
‘ot-tracer-spanid’ => [Object],
‘ot-tracer-traceid’ => [Object],
‘pragma’ => [Object],
‘traceparent’ => [Object],
‘tracestate’ => [Object],
‘x-auth0-requestid’ => [Object],
‘x-content-type-options’ => [Object],
‘x-ratelimit-limit’ => [Object],
‘x-ratelimit-remaining’ => [Object],
‘x-ratelimit-reset’ => [Object],
‘server’ => [Object],
‘content-encoding’ => [Object],
‘alt-svc’ => [Object]
},
[Symbol(headers map sorted)]: null
}
}

brokerx · September 20, 2023, 9:28pm

tyf:

const axios = require('axios');

async function getManagementApiToken() {
  const data = {
    client_id: process.env.AUTH0_MANAGEMENT_API_CLIENT_ID,
    client_secret: process.env.AUTH0_MANAGEMENT_API_CLIENT_SECRET,
    audience: process.env.AUTH0_AUDIENCE,
    grant_type: 'client_credentials'
  };

  try {
    const response = await axios.post(`https://${process.env.AUTH0_DOMAIN}/oauth/token`, data);
    return response.data.access_token;
  } catch (error) {
    console.error('Error getting Auth0 Management API Token:', error);
    throw error;
  }
}

Thanks - it’s working.

tyf · September 20, 2023, 9:33pm

Awesome! Happy to help, thanks for following up!

system · October 4, 2023, 9:33pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.