Token Endpoint Authentication Method Post vs None

elgin.cahangirov · February 2, 2022, 1:27pm

When I make POST request to https://my.auth0.domain/oauth/token, it return 401 response with body:


{
    "error": "access_denied",
    "error_description": "Unauthorized"
}

My request body is:

{
    "grant_type": "password",
    "username": "user@emal.com",
    "password": "user password",
    "client_id": "client id for my app",
    "client secret": "client secret for my app",
    "audience": "my api identifier"
}

After changing Token Endpoint Authentication Method from Post to None, it works as expected by returning 200 response and access token in the body. But after making this change in settings, Client Credentials is disabled in grant types of the application. As a result, I cannot get access token for the client:

Client is not authorized to access “my identifier”. You need to create a “client-grant” associated to this API. See: Auth0 Management API v2

So, these two are mutually exclusive to achieve. Should I create two different application for being able to both getting client and user access tokens?

dan.woda · February 22, 2022, 10:10pm

Hi @elgin.cahangirov,

Welcome to the Auth0 Community and sorry for the delayed response!

Can you tell us a bit about your use case? What type of application are you using?

Additionally, you should be able to set the token authentication type to POST, and enable the client credentials grant in the Advanced Settings → Grant Types options. Have you tried this?

Topic		Replies	Views
Can't get access token for client Help jwt , auth0 , api , management-api , access-token	9	3879	March 4, 2022
Fixed: Where do I set the Token Endpoint Auth Method other than to none? Help	2	3940	August 29, 2019
Oauth/token request access_denied Help	4	5907	November 1, 2022
Signup/ login from backend API Help auth0 , api	4	6560	January 19, 2021
How to secure an API with Auth0 Help access-token	5	10649	February 10, 2019

Token Endpoint Authentication Method Post vs None

Related Topics