Current setup: Created a SPA, added a rule to add roles of the logged in user. This role is checked while accessing the apis. Added grant type password.
My usecase: I am trying to run postman tests. For testing apis I need bearer token. By using Resource Owner Password flow I was trying to obtain the bearer token.
Here is my curl command,
curl --location --request POST 'https://my-second-tenant.eu.auth0.com/oauth/token?grant_type=password&username=username&password=password&audience=https://quickstarts/api&client_id=%23%23%23%23%23%23%23%23%23&client_secret=*****'
I am getting
{ "error": "access_denied", "error_description": "Unauthorized" }
I have already checked the password grant type is enabled. I also tried disabling the rule just to check if rule is causing any problem but no luck.
Am I missing anything here?
I also came across Client credentials flow and that could be a good option. But I am using SPA application type.
My second question is, as this is SPA so the client credentials option is disabled.
Is there any way that I could configure my SPA to allow client credential.