Auth0 Home Blog Docs

Unable to get token using resource owner password via /oauth/token api




Hope someone can shed some light on a recent issue I have with /oauth/token api with resource owner password.

I created an account roughly three weeks ago and I followed the documentation to get a token with username and password. I’ve set default directory to Username-Password-Authentication and added password to grant types of my application. My curl command to test as below:

curl -X POST
-H ‘Cache-Control: no-cache’
-H ‘Content-Type: application/x-www-form-urlencoded’
-H ‘Postman-Token: bb7ed953-ffbe-428f-ac12-8c4af95fc7fa’
-d ‘client_id=JXCE5sjNdY6PH4Wjtfx14Y8eiS9VOpmC&username=[USERNAME_REMOVED]&password=[PASSWORD_REMOVED]&grant_type=password’

Response I kept getting is {“error”:“invalid_request”,“error_description”:“Redirection is not available on /oauth/token endpoint.”}

Out of frustration after trying and googling, someone said to create a new account back in July. So I created a new account and set up my first app and other configs accordingly. The same curl command with the new client ID and domain url, this time I received a valid token!

I tried to compare configs between the two accounts I created but I couldn’t spot any difference.

It would be great if anyone could help here!


After lengthy investigation and trying, I’ve found out I mistakenly added custom rules that broke the endpoint. Now it works after I removed them.