19

I tried using the auth0 postman template to make an authentication request using username and password and I'm getting an unsupported grant type: password error. What am I doing wrong?

var client = new RestClient("https://test.auth0.com/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("postman-token", "abc");
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=password&client_id=foo&audience=&username=test&password=test&scope=openid%20email%20picture%20nickname", ParameterType.RequestBody);
MonkeyBonkey
  • 46,433
  • 78
  • 254
  • 460
  • This feature was originally released as part of the work done for [OAuth 2.0 API Authorization](https://auth0.com/docs/api-auth) functionality; you may try to check if you have this functionality enabled in your advanced account settings. If this does not solve it, you should provide more information about your account and client settings. – João Angelo Jan 13 '17 at 11:33
  • 4
    Ok, now I'm getting `Authorization server not configured with default connection` error - also what does enabling API in the adv settings do? Don't I already have access to an API? – MonkeyBonkey Jan 13 '17 at 12:23
  • You can configure the default connection in the *General* tab; check [Execute the Resource Owner Password Grant](https://auth0.com/docs/api-auth/tutorials/password-grant) docs for more info. The OAuth 2.0 API Authorization is for when you want to use Auth0 to issue access tokens that then can be used by your own API to make authorization decisions. – João Angelo Jan 13 '17 at 13:01

3 Answers3

55
  1. Log into the Auth0 dashboard
  2. Go to account settings (top right under your username)
  3. On the general tab scroll down to the API Authorization Settings section
  4. Default Audience would be your API identifier (if you have an API)
  5. Default Directory would be your connection such as database connection name

In your POST to oauth/token do not include audience (if you specified the default above).

Gotta love how Auth0 makes authentication easy and painfully hard at the same time.

Refer below screenshot as a reference. enter image description here

Tarun Kumar
  • 2,918
  • 3
  • 15
  • 17
The Muffin Man
  • 19,585
  • 30
  • 119
  • 191
  • 1
    thanks @the-muffin-man, this worked like a charm . BTW, my error was slightly different and it was `Authorization server not configured with default connection` – sameera207 Jul 04 '18 at 11:58
  • @sameera207 I'm not surprised. Auth0 seems to change/update their UI relatively frequently. Feel free to update my answer. – The Muffin Man Jul 08 '18 at 21:36
  • What if I have two connections? It seems if I set Default Directory as one connection, the other connection will not work. How should I solve this issue? – user3293338 Aug 15 '18 at 16:52
  • I think this is just a default, so if you don't specify a connection then the default is used. So in your case I believe you'd want to send the value in your POST. I'm not sure what the variable name is in the POST or how you define it. – The Muffin Man Aug 15 '18 at 16:54
5

Go to Default App > Settings >

In the bottom of settings, Click {Show Advanced Settings}

Select Grant Types Tab

Check the password which is unchecked by default

Post request to *//oauth/token and it works

enter image description here

SIbghat
  • 281
  • 3
  • 5
3

These are the exact steps I have taken in order to resolve this exact issue

Login with browser on desktop At top right of UI, click click username, Settings

Scroll down to API Authorization Settings

Enter valid values in BOTH Default Audience, and Default Directory.

For example, for me I already had been using the Lock screen, and had already setup a Default Audience which I was setting in my client application and everything was working.

I also had already setup a Connections > Database, with the name of Username-Password-Authentication.

Here is a screenshot of it working after doing the above, using the postman collection , which at the time of writing, is contained here

https://app.getpostman.com/run-collection/2a9bc47495ab00cda178

which is referenced here

https://auth0.com/docs/api/authentication#code-samples

enter image description here

Judy007
  • 5,484
  • 4
  • 46
  • 68