Hi,
I am trying to use the “/oauth/token” REST API to verify a user’s password.
This API always returns HTTP 401, even when the user and password provided are valid.
Is there a special configuration I need to enable for this API?
Here are the HTTP details:
**Request**:
```
POST /oauth/token HTTP/1.1
Content-Length: 160
Host: xxx.auth0.com
Content-Type: application/json

{
  "client_id": "client_id",
  "grant_type": "password",
  "password": "123456",
  "scope": "scope123",
  "username": "myemail@mail.com"
}
```
**Response**:
```
HTTP/1.1 401
status: 401
date: Sun, 21 Jan 2018 17:11:07 GMT
content-type: application/json
x-auth0-requestid: 23424234
x-ratelimit-limit: 1000000
x-ratelimit-remaining: 999999
x-ratelimit-reset: 1516554668
www-authenticate: Basic realm="Users"
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0

{"error":"access_denied","error_description":"Unauthorized"}
```