We have an app live (https://app.example.com), that knows about a username and password.
The goal is to login as a user with JavaScript.
We were following the docs here resource-owner-password-flow
and here call-your-api-using-resource-owner-password-flow
By posting to the endpoint https://example.eu.auth0.com/oauth/token
with the payload like the one from here migration-oauthro-oauthtoken
{
"grant_type": "http://auth0.com/oauth/grant-type/password-realm",
"client_id": "1234567890",
"client_secret": "1234567890",
"username": "alice",
"password": "123456",
"realm": "Username-Password-Authentication",
"scope": "openid profile email offline_access",
"audience": "https://api.example.com"
}
We used the application settings (domain, client_id, client_secret) from the app.
We also made sure to configure Callback URL and Password grant type here:
https://manage.auth0.com/dashboard/eu/example/applications/1234567890/settings
Application URIs → Allowed Callback URLs
Advanced settings → Grant Types
Also we were using the default Realm here:
https://manage.auth0.com/dashboard/eu/example/connections/database
Neither the default Database Connection Username-Password-Authentication
provided by auth0
nor it’s Identifier con_1234567890
lead to anything but a 401 response.
Neither http://auth0.com/oauth/grant-type/password-realm
nor password
as grant_type lead to anything but a 401 response.
The user’s email is verified and it’s Primary Identity Provider is the very Username-Password-Authentication Database.
Of course it’s name and password are correct. The OAuth2/OIDC Flow works without problems.
Testing with the Authentication API Debugger Extension from here:
https://example.eu12.webtask.io/auth0-authentication-api-debugger
also lead to 401 response only
{
"err": {
"readyState": 4,
"responseText": "{\"error\":\"access_denied\",\"error_description\":\"Unauthorized\"}",
"responseJSON": {
"error": "access_denied",
"error_description": "Unauthorized"
},
"status": 401,
"statusText": "error"
}
}
Could you provide assistance with this?
Thanks for your support