Error "Service not enabled within domain"

Last Updated: Aug 2, 2024

Overview

A machine-to-machine (M2M) application and a Resource Server (API) were created in Auth0 and authorized the M2M app for this API.

When trying to get an Access Token through a client credentials exchange, the following error is received:

Service not enabled within domain: “API_IDENTIFIER”

Applies To

  • Machine-to-Machine (M2M) Application
  • Access Token

Cause

When creating the Resource Server (API) in Auth0, the audience we sent had a blank space/whitespace in front of the identifier.

"body": {
    "name": "API NAME",
    "identifier": " https://auth0.example.com/",
    "signing_alg": "RS256"
  }

So, when a client credentials exchange is attempted without the whitespace in front, the audience is not recognized, hence the error: Service not enabled within domain.

NOTE: The same could happen if trying to make a client credentials exchange, and in the POST to the ‘/oauth/token’ endpoint, a blank space/whitespace is inadvertently added in front of the audience. The same error will be received.

Solution

The Resource Server/API identifier is set upon API creation. It cannot be modified afterward, so create a new one with the correct identifier and delete the previous one.

Alternatively, if the issue was an added whitespace in front of the audience sent for the client credentials exchange, remove it, and it should work.

1 Like