When I make a POST request to https://my.auth0.domain/oauth/token, it returns a 401 response with the body:
{
  "error": "access_denied",
  "error_description": "Unauthorized"
}
My request body is:
{
  "grant_type": "password",
  "username": "user@emal.com",
  "password": "user password",
  "client_id": "client id for my app",
  "client secret": "client secret for my app",
  "audience": "my api identifier"
}
After changing Token Endpoint Authentication Method from Post to None, it works as expected, returning a 200 response with an access token in the body. But after making this change in the settings, Client Credentials is disabled in the grant types of the application. As a result, I cannot get an access token for the client:
Client is not authorized to access “my identifier”. You need to create a “client-grant” associated to this API. See: Auth0 Management API v2
So, these two are mutually exclusive. Should I create two different applications to be able to get both client and user access tokens?