I’m trying to get a valid JWT from a node.js application. I can make it work using cURL:
curl th0.com/oauth/token --header 'content-type: application/json' --data '{"client_id":<client_id>,"client_secret":<client-secret>,"audience":<audience>,"grant_type":"client_credentials"}'
The resulting JWT is valid using jwt.io, and I can use it when I set it in the auth0 user mgmt APIv2.
When I do the same thing using node.js, I get a valid (and very similar as using cURL) token, but I get an 401 Unauthorized when I try to use it:
let auth0Response =
await fetch(`https://${process.env.AUTH0_DOMAIN}/oauth/token`,
{method: 'POST',
headers: {'content-type': 'application/json'},
body: JSON.stringify({"client_id":`${process.env.AUTH0_CLIENT_ID}`,
"client_secret":`${process.env.AUTH0_CLIENT_SECRET}`,
"audience":`https://${process.env.AUTH0_DOMAIN}/api/v2/`,
"grant_type":"client_credentials"})
})
.then(response => response.json())
console.log('token: ' + JSON.stringify(auth0Response))
This returns a valid JWT (jwt.io) with the right claims (the same ones as using cURL). However, I can’t seem to use this JWT to do any requests, nor programmatically, nor using the auth0 management APIv2 page.
I have no idea how to debug this, since the JWT is valid according to jwt.io (with the same claims as a working JWT), but apparently isn’t according to auth0.
What am I overlooking?