Unauthorized error when calling /oauth/token from rule to get access token

I am getting an Unauthorized error with HTTP status 401 when calling https://my-tenant.au.auth0.com/oauth/token from a rule. I have checked that I am using the correct tenant name in URL, client_id and client_secret and get a successful response when I call the endpoint using curl locally.

Is there anything wrong with this request syntax? Otherwise, what else could be going wrong?

Code in rule:

var request = require("request");

var options_for_token_request = { method: 'POST',
url: "https://my-tenant.au.auth0.com/oauth/token",
body: '{"client_id":" ","client_secret":" ","audience":"urn:auth0-authz-api","grant_type":"client_credentials"}',
contentType: 'application/json' };

request(options_for_token_request, function (error, response, body) {
  if (error) { throw new Error(error); } 
  console.log(response.statusCode);
  console.log(body);
});

Console log:
5:47:00 PM:
401
{"error":"access_denied","error_description":"Unauthorized"}

Hi @kelsey1

Have you authorized the respective application in APIs > auth0-authorization-extension-api > Machine to Machine Applications?

Let me know.

Thanks,
Dan

Hi Dan,

Yep, I have the relevant application authorized in APIs > auth0-authorization-extension-api > Machine to Machine Applications.

I find it weird that I don’t have any issue getting a token when calling the endpoint with the same credentials using curl locally.

Hey Dan,

So I’ve found the issue, turns out “contentType” is not a valid option. I’m now setting the content-type in the header option as in the example.

var options = { method: 'POST',
url: 'https://my-tenant.au.auth0.com/oauth/token',
headers: { 'content-type': 'application/json' },
body: '{"client_id":"","client_secret":"","audience":"urn:auth0-authz-api","grant_type":"client_credentials"}' };

Thanks for your help anyways, had a feeling it was something wrong with my code.

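A local reproduction of the fix in the post above, added here as an example; it is not code from the thread or from Auth0. It uses Node's built-in http module (which also has no `contentType` option) in place of the `request` library. The stub endpoint, the credentials, and the assumption that the endpoint only parses a body sent with a JSON Content-Type are constructed for illustration.

```javascript
const http = require('http');

// Constructed credentials (not from the thread); the stub accepts exactly these.
const BODY = JSON.stringify({ client_id: 'example-client', client_secret: 'example-secret',
  audience: 'urn:auth0-authz-api', grant_type: 'client_credentials' });

// Stub endpoint (assumption): it parses the body only when Content-Type is
// JSON; otherwise it sees no credentials and answers 401, as in the log above.
function startStubTokenEndpoint() {
  const server = http.createServer((req, res) => {
    let raw = '';
    req.on('data', (chunk) => { raw += chunk; });
    req.on('end', () => {
      const type = req.headers['content-type'] || '';
      let params = {};
      if (type.startsWith('application/json')) { try { params = JSON.parse(raw); } catch (e) { /* keep {} */ } }
      const ok = params.client_id === 'example-client' && params.client_secret === 'example-secret';
      res.writeHead(ok ? 200 : 401, { 'content-type': 'application/json' });
      res.end(JSON.stringify(ok ? { token_type: 'Bearer' }
        : { error: 'access_denied', error_description: 'Unauthorized' }));
    });
  });
  return new Promise((resolve) => server.listen(0, '127.0.0.1', () => resolve(server)));
}

// POST BODY with the given extra options merged in; resolves to the status code.
function post(port, extra) {
  const base = { host: '127.0.0.1', port, path: '/oauth/token', method: 'POST', agent: false };
  return new Promise((resolve, reject) => {
    const req = http.request(Object.assign(base, extra), (res) => {
      res.resume();
      res.on('end', () => resolve(res.statusCode));
    });
    req.on('error', reject);
    req.end(BODY);
  });
}

// Sends the same body twice: once with the ignored option, once with the header.
async function compareOptionShapes() {
  const server = await startStubTokenEndpoint();
  const port = server.address().port;
  const contentTypeOption = await post(port, { contentType: 'application/json' });
  const contentTypeHeader = await post(port, { headers: { 'content-type': 'application/json' } });
  server.close();
  return { contentTypeOption, contentTypeHeader };
}

compareOptionShapes().then((result) => console.log(result));
```

The unknown `contentType` key raises no error on the client side, so the only visible symptom is the server's 401; logging the request headers the endpoint actually receives is the quickest way to tell this apart from a credential problem.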

Glad you figured it out!
