Retrieving User's access token using Username and Password programatically

Hi,

I would like to automate my actions (as a user) on a website that is using Auth0. Some of the actions require me to be authenticated with Auth0 and for that, I need an access token (to call an API). Therefore, I have a simple question, given username and password, is there a way for me to retrieve an access token programmatically?

The website I would like to automate my actions on is using Auth0’s login page hosted on their domain. After clicking Login on their page, I am getting redirected to their login page, where I provide my username and password. After I submit the form, I am redirected back to the original domain’s login_successful redirect page and I can find the access token in:

  • the URL fragment (the bit after the #)
  • the dev tools network tab’s requests to the API (Authorization header)

Technically, it could always be possible to try to automate the actions through the user interface with tooling, however, what you seem to require is access to their API outside of their own application and to have something like that in a supported way that service should support that as a dedicated feature.

For example, they could enable third-party clients (https://auth0.com/docs/applications/first-party-and-third-party-applications#third-party-applications) so that you could access their own API (on behalf of your account), but using your own applications/scripts instead of their applications.

In conclusion, if the service in question does not have something like the above as a feature, although you could possible hack some automation this would always be a brittle thing subject to be broken by changes in the flow.

1 Like