Resource Owner Password flow responds with 500

Problem

I’m trying to get an access token for a given user via Resource Owner Password flow, but my request to https://MY-APPS-DOMAIN/oauth/token keeps failing with a generic 500 status code.

Rough Setup

  • Application (“App”) set up as machine-to-machine with Token Endpoint Auth Method set to POST
  • API (“API”) set up and authorized for “App”
  • User created

Code Sample (.NET)

In code, I’m attempting to call the token endpoint using the Resource Owner Password grant type, but I keep getting a 500. Here’s a sample of what I’m doing:

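// Requires: using System.Collections.Generic; using System.Net.Http;
// httpClient is an existing HttpClient instance; the quoted <...> values are placeholders.
var body = new Dictionary<string, string>
{
    {"client_id", "<client ID of App>"},
    {"client_secret", "<client secret of App>"},
    {"audience", "<Identifier of API>"},
    {"grant_type", "password"},
    {"username", "<username of a created user>"},
    {"password", "<password of a created user>"},
};

// Send the fields form-encoded to the token endpoint.
var requestContent = new FormUrlEncodedContent(body);
var response = await httpClient.PostAsync("https://MY-APP-DOMAIN/oauth/token", requestContent);

// response.StatusCode == 500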

Is this flow not possible with a Machine-to-Machine app? Am I missing something else, somewhere… somehow?

Edit

I’ve also confirmed that the given user info works via the Try Connection tab for my Authentication Connection.

Hi @michael-bamboo ,

Thank you for posting this topic on the Auth0 Community!

> Is this flow not possible with a Machine-to-Machine app? Am I missing something else, somewhere… somehow?

In this ROPG documentation, the steps are for the Regular Web App instead of the Machine-to-Machine app. For the M2M application, Auth0 uses the Client Credentials flow, that is, it authenticates and authorizes the app rather than a user.

Here are the scripts:

curl --request POST \
  --url 'https://YOUR_DOMAIN/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR_CLIENT_ID \
  --data client_secret=YOUR_CLIENT_SECRET \
  --data audience=YOUR_API_IDENTIFIER

Hope this helps!
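The client credentials request from the reply above, written for .NET as an added example (not code from the original poster or from Auth0). The `M2MTokenClient` class and the `AUTH0_*` environment variable names are assumptions; the secret is read from the environment rather than embedded in source, and a failed request surfaces the response body instead of only the status code.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public static class M2MTokenClient // hypothetical helper, not an Auth0 SDK type
{
    // client_credentials form: no username/password fields, because the
    // token represents the application itself rather than a user.
    public static Dictionary<string, string> BuildForm(string clientId, string clientSecret, string audience) =>
        new Dictionary<string, string>
        {
            {"grant_type", "client_credentials"},
            {"client_id", clientId},
            {"client_secret", clientSecret},
            {"audience", audience},
        };

    public static async Task<string> GetAccessTokenAsync(HttpClient http, string domain,
        string clientId, string clientSecret, string audience)
    {
        using var content = new FormUrlEncodedContent(BuildForm(clientId, clientSecret, audience));
        using var response = await http.PostAsync($"https://{domain}/oauth/token", content);
        var payload = await response.Content.ReadAsStringAsync();

        // Report status and response body for diagnosis. The request form,
        // which holds the client secret, is never written to the message.
        if (!response.IsSuccessStatusCode)
            throw new HttpRequestException($"Token request failed: {(int)response.StatusCode} {payload}");

        using var json = JsonDocument.Parse(payload);
        if (!json.RootElement.TryGetProperty("access_token", out var token))
            throw new InvalidOperationException("Token response has no access_token field.");
        return token.GetString();
    }

    public static async Task Main()
    {
        // Assumed variable names; set them to the App and API values from the dashboard.
        string Env(string name) => Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"{name} is not set");
        using var http = new HttpClient();
        var token = await GetAccessTokenAsync(http, Env("AUTH0_DOMAIN"), Env("AUTH0_CLIENT_ID"),
            Env("AUTH0_CLIENT_SECRET"), Env("AUTH0_AUDIENCE"));
        // Print only the length so the bearer token does not end up in console logs.
        Console.WriteLine($"Received access token of length {token.Length}");
    }
}
```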
