Skip to content

Instantly share code, notes, and snippets.

@arielweinberger

arielweinberger/cURL Snippet - Test Token

Created April 29, 2020 19:26
Show Gist options
  • Star 6 You must be signed in to star a gist
  • Fork 7 You must be signed in to fork a gist
  • Save arielweinberger/21d3b72bb4f345a410abb7e98a17cc96 to your computer and use it in GitHub Desktop.
Save arielweinberger/21d3b72bb4f345a410abb7e98a17cc96 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cURL Snippet - Test Token
curl --location --request POST 'https://YOUR_AUTH0_DOMAIN/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=YOUR_AUTH0_CLIENT_ID' \
--data-urlencode 'username=YOUR_USERNAME' \
--data-urlencode 'password=YOUR_PASSWORD' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=openid'
@gauravgusa
Copy link

above is now returning A256GCM encoded token and jwt.io indicate that token is invalid
{
"alg": "dir",
"enc": "A256GCM",
"iss": "https://sls-course-garg.us.auth0.com/"
}

@tihobanov
Copy link

You have to add audience to the request

--data-urlencode 'audience=YOUR_AUDIENCE_IDENTIFIER'

@MarkiyanPyts
Copy link

can you please provide a working example?

I don't know where to find YOUR_AUDIENCE_IDENTIFIER

@samcyn
Copy link

samcyn commented Jan 29, 2023

for anyone stuck and looking for a way out. from Oauth0 dashbooard, You can go to Applications- Apis and then under the test tab you will find a sample curl you can test.
something like this

curl --request POST \
  --url https://YOUR_AUTH0_DOMAIN/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"CLIENT_ID","client_secret":"CLIENT_SECRET","audience":"https://YOUR_AUTH0_DOMAIN/api/v2/","grant_type":"client_credentials"}'

@IvanPKostadinov
Copy link

IvanPKostadinov commented Oct 24, 2023
edited

Here is a working example:

curl --request POST \
--url https://YOUR_AUTH0_DOMAIN/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"YOUR_AUTH0_CLIENT_ID","client_secret":"YOUR_AUTH0_CLIENT_SECRET","audience":"https://YOUR_AUTH0_DOMAIN/api/v2/","username":"YOUR_USERNAME","password":"YOUR_PASSWORD","grant_type":"password"}'

Another option is to use Postman, as mentioned in this comment. Remember to also add your client_secret to the Request body (it is not shown in the comment).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment