I have been attempting to gain access to the Management API via PHP so I can update user details. I’ve created a Resource Server API in my account area, validated the user, provided them with scopes (update:users, create:client_grants), etc.
I then retrieve a token from the ‘/oauth/token’ URI with all the relevant data. Then when I attempt to use this token to authorize the client via the ‘/client-grants’ URI, it returns telling me the audience is not valid (Bad audience). However, the HTTP status code returned is 401, which indicates an invalid token. If I take the access token returned from ‘/oauth/token’ and paste it into the https://jwt.io/ debugger, it informs me that it has an ‘invalid signature’. The header and payload sections appear to be fine with correct details; however, the token is still deemed invalid. Both for RS-256 and HS-256.
Even when I cut and paste the test script under the ‘test’ tab in the API Resource Server edit UI, the returned token is still deemed invalid.
Why are the returned tokens not valid in the debugger? How can I gain access to the Resource Server so I can manipulate user details?
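
A check relevant to the "Bad audience" response described above, added here as an example and not part of the original post: it decodes a token's header and payload without verifying the signature and compares the `aud` claim with the identifier of the API being called. The audience URLs, the function names and the sample token are constructed placeholders.

```php
<?php
// Added diagnostic example (not from the original post).
// Reads a JWT's claims WITHOUT verifying its signature; use it for inspection only.

function b64url_decode(string $segment): string
{
    $padded  = str_pad($segment, strlen($segment) + (4 - strlen($segment) % 4) % 4, '=');
    $decoded = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Segment is not valid base64url');
    }
    return $decoded;
}

function inspect_token(string $jwt, string $expectedAudience): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a compact JWS: expected 3 segments');
    }
    $header  = json_decode(b64url_decode($parts[0]), true, 16, JSON_THROW_ON_ERROR);
    $payload = json_decode(b64url_decode($parts[1]), true, 16, JSON_THROW_ON_ERROR);

    // "aud" may be a single string or an array of strings (RFC 7519, section 4.1.3).
    $audiences = (array) ($payload['aud'] ?? []);

    return [
        'alg'         => $header['alg'] ?? null,
        'audiences'   => $audiences,
        'audience_ok' => in_array($expectedAudience, $audiences, true),
        'scopes'      => preg_split('/\s+/', $payload['scope'] ?? '', -1, PREG_SPLIT_NO_EMPTY),
        'expired'     => isset($payload['exp']) && $payload['exp'] < time(),
    ];
}

// Constructed sample token: issued for a custom API, with a placeholder signature.
$b64    = fn(array $a): string => rtrim(strtr(base64_encode(json_encode($a)), '+/', '-_'), '=');
$sample = $b64(['alg' => 'RS256', 'typ' => 'JWT']) . '.'
        . $b64(['aud' => 'https://my-api.example/', 'scope' => 'update:users', 'exp' => time() + 3600])
        . '.c2ln';

// The token's audience matches the custom API it was requested for: audience_ok => true
print_r(inspect_token($sample, 'https://my-api.example/'));
// A different API (hypothetical identifier) is not in "aud": audience_ok => false
print_r(inspect_token($sample, 'https://TENANT.example/api/v2/'));
```

An API that validates `aud` rejects a token issued for a different identifier, so `audience_ok` shows which API a given access token was requested for.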