auth0.js: Access denied - unauthorized

Hi, We are currently using the lock and my task is to change the method to API. I read the whole documentations and gits but it didn’t help with my problem. Note that the same user/pass works fine with lock. I also tested this code with user/pass only. The same error occurred. Here’s my code:

    login() {
        const auth0 = new Auth0.WebAuth({
            domain: 'mydomain.auth0.com',
            clientID: 'XXXXXXX',
        });

        auth0.client.login({
            realm: 'Username-Password-Authentication', 
            username: this.refs.epost.value,
            password: this.refs.password.value,
            scope: 'openid profile',
        }, function (err, authResult) {
            alert(err.code);
            console.log(err);
        });
    },

Response

{error: "access_denied", error_description: "Unauthorized"}
error:"access_denied"
error_description:"Unauthorized"

Request payload

client_id:"XXXX"
grant_type:"http://auth0.com/oauth/grant-type/password-realm"
password:"123456"
realm:"Username-Password-Authentication"
scope:"openid profile"
username:"test013@mydomain.com"

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 4
  • Comments: 15 (4 by maintainers)

Most upvoted comments

For anyone else that stumbles upon this… I had the same problem with a different solution: in the tutorial it has you create an “Email domain whitelist” rule and it says if you don’t turn it off, people won’t be able to log in… I thought I turned off, but after 30 minutes of scratching my head, I realized I didn’t. So, check that before you go crazy.

You can check that in Auth0 Dashboard -> Client -> Settings

@saikatharryc no. Client -> Tab Settings -> Client Type

image

@hzalaz Ugh, such a simple fix after hours of banging my head against the wall.

@sdpetersen Thank you so much, literally spent 2 days on this issue, at last your solution worked!! I am so happy.

@pooya1361 make sure the type of your client is SPA