Why am I getting invalid token when using client cred to get Management API (/api/v2/users/)

I am getting a Client Cred token like this…

curl --location --request POST 'https://dev-91w9x39h.us.auth0.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=...' \
--data-urlencode 'client_secret=...' \
--data-urlencode 'audience=https://dev-91w9x39h.us.auth0.com/api/v2/'

I get an access token back but when I try using it to call the API like…

curl --location --request GET 'https://dev-91w9x39h.us.auth0.com/api/v2/users/google-oauth2|109230191017148685...' \
--header 'Authorization: Bearer <token>'

I get

{
    "statusCode": 401,
    "error": "Unauthorized",
    "message": "Invalid token",
    "attributes": {
        "error": "Invalid token"
    }
}

What am I missing? This is using a Regular Web App but that is the way they are signing in so I am not sure how to make a regular app act like a m2m app.

Hi @jgleason,

Have you tried decoding the token with jwt.io? You can take a look at the contents and see if anything looks off.

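The reply above suggests looking at the token's contents. As an added example (not code from the thread or from Auth0), the script below decodes the token locally, so the bearer token never has to be pasted into a website, and compares its claims with what the Management API call in the question would need. The function names, the sample claims and the issuer form `https://<tenant>/` are assumptions made for this illustration.

```python
import base64, json, time

TENANT = "dev-91w9x39h.us.auth0.com"  # tenant host taken from the question

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_token(token, tenant=TENANT, now=None):
    """Return (claims, problems). Decodes only; the signature is NOT verified."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        return None, ["not a three-part JWT (opaque or truncated token)"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None, ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return None, ["header or payload is not a JSON object"]
    problems = []
    expected_aud = f"https://{tenant}/api/v2/"  # compared exactly, trailing slash included
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    if claims.get("iss") != f"https://{tenant}/":  # assumed issuer form
        problems.append(f"iss is {claims.get('iss')!r}, expected 'https://{tenant}/'")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no numeric exp claim")
    if header.get("alg") in (None, "none"):
        problems.append("header declares no signing algorithm")
    return claims, problems

def make_sample(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    # Constructed sample: the audience is missing its trailing slash.
    sample = make_sample({"iss": f"https://{TENANT}/", "aud": f"https://{TENANT}/api/v2",
                          "exp": 2000000000, "gty": "client-credentials"})
    claims, problems = inspect_token(sample, now=1700000000)
    print(json.dumps(claims, indent=2))
    print("\n".join(problems) or "no problems found")
```

To check a real token, pass the `access_token` value from the `/oauth/token` response to `inspect_token`; an empty problem list means only that the claims look right, not that the signature is valid.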