We’re trying to create our own screens in our apps to handle authentication. We’re therefore hitting the Auth0 apis directly to obtain an auth token. The access token created by calling oath/token with the password grant returns a valid access token that gives us access to our apis and the Auth0 /userinfo endpoint. However, when we refresh the token using oath/token, the returned access token is valid except when used on our own apis and the Auth0 /userinfo endpoint we get a 500 server error. What are we doing wrong? At the moment we’re trying to debug this through Postman with these calls:
Login: oath/token
- clientId
- grant_type “password”
- username
- password
- scope
- audiences
Refresh token: oath/token
- clientId
- grant_type “refresh_token”
- refresh_token
- audiences