I’m currently trying to implement the Resource Owner Password Flow for an application that cannot be redirected to the Auth0 login page. What I’m doing is taking the username and password and calling the oauth/token endpoint as described in the documentation. I am able to retrieve an access_token, but it does not contain the same information as the tokens of our other applications (which use redirect).
In the documentation it says:
“Rules will run for the Resource Owner Password Flow (including the Realm extension grant).”
We have a set of rules which do things like adding user_metadata, permissions or roles to the token. To me it seems that those rules are not executed when I’m calling the /oauth/token endpoint. Am I missing something? I appreciate any kind of input.