Problem statement
We created a machine-to-machine application and a Resource Server (API) in Auth0 and authorized the M2M app for this API.
When trying to get an Access Token through a client credentials exchange, we get the following error:
Service not enabled within domain: "API_IDENTIFIER"
Cause
- When creating the Resource Server (API) in Auth0, the audience contained a whitespace in front of the identifier. So, when attempting a client credentials exchange without the whitespace in front, the audience was not recognized, causing the “Service not enabled within domain” error.
"body": {
"name": "API NAME",
"identifier": " https://auth0.example.com/",
"signing_alg": "RS256"
}
- The same could happen if you try to make a client credentials exchange and in the POST to the
/oauth/tokenendpoint, you inadvertently add a whitespace in front of the audience, you will receive the same error.
Solution
Since the Resource Server/API identifier is set upon API creation and cannot be modified afterward, we recommend creating a new API with the correct identifier and deleting the previous API.
Alternatively, if the issue was caused by a whitespace in front of the audience during the client credentials exchange, then removing the whitespace in the request should fix the issue.