Unauthorized error on retrieving access token using /oauth0/token api

Summary: As part of our new requirement to have in-app signup & login experience, we enabled the password grant for the application in dev, test, and prod. We successfully created user accounts (signup) but could not get user access tokens from the API (/oauth/token). This is working fine in our DEV tenant.
Currently, this is blocking us from delivering the in-app experience.

Debug details:
PROD tenant curl request (not working):

curl --location 'https://<our-auth0-domain-url>/oauth/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'grant_type=password'
--data-urlencode 'client_id=<our-client-id>'
--data-urlencode 'audience=https://my-audience'
--data-urlencode 'username=myemail@gmail.com'
--data-urlencode 'password=XXXXXXXXX'
--data-urlencode 'scope=openid email profile offline_access'

Response:

{
"error": "access_denied",
"error_description": "Unauthorized"
}

Update:

As we have the SPA application created and working in DEV tenant, I created a new SPA application in PROD tenant, but it is still not working and received a different error now.

Response:

{
"error": "server_error",
"error_description": "Authorization server not configured with default connection."
}

Hi @vijayakalidhas-impt,

Welcome to the Auth0 Community!

Have you seen this thread?

@dan.woda Thanks so much. I got this fixed.
I made two changes in my Auth0 config and posting the fix here.

Fix 1:
Settings > General (tab) > API Authorization Settings > Default Directory ==> set value to Username-Password-Authentication

Fix 2:
Application > (click application name) > Credential (tab) > Authentication Methods > (Select None)

I hope this helps our community.

1 Like

Awesome! Thanks for following up!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.