Check API Calls
Check Management API calls
- Do you have a Management API Access Token?
- Did the Access Token expire?
- Did the Access Token contain the scopes needed for the call you made?
- If a rule adjusts the scopes in the Access Token or checks whether specific users are allowed to have the scopes, have you checked the rule to make sure it is executing correctly?
- Get the Access Token from a HAR file and test it in the Auth0 Management API Explorer to see if it works there.
- If you are calling the Auth0 Management API from an application that authenticates with Client Credentials flow, note that rules are not executed in this context. The Client Credentials Exchange Hook can be used in this context instead, for functionality similar to a rule.
Check other API calls
- Check in the HAR file if the Access Token contains correct scopes to call the API.
- Check if the response to the /authorize endpoint call contains a scopes object. If so, check if the returned scopes are different from the requested scopes.
- Make sure your API can validate the Access Token. It should validate the audience, issuer, client (if any), signature algorithm, signature, claims and permissions.
- If you experience errors with Access Token expiration, they could be caused by clock skew between different systems or even between different language libraries, such as Java and Node.js. This can be handled by running NTP on servers and configuring a clock skew tolerance in the libraries used to validate tokens, such as jwt.verify.
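The validation and clock skew items above, written out as an added example (not Auth0's code) that returns a specific failure reason for each check, which is what you want in API logs when troubleshooting. It uses only Node.js built-ins with a throwaway key pair and locally minted tokens; the issuer, audience, scope name and the `validateAccessToken` and `mint` helpers are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const parse = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Returns { ok: true, claims } or { ok: false, reason } so each failure can be logged precisely.
function validateAccessToken(token, publicKey, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = parse(parts[0]);
    claims = parse(parts[1]);
    if (!header || !claims) throw new Error("empty segment");
  } catch { return { ok: false, reason: "malformed" }; }
  // Pin the algorithm on the API side; never let the token header choose it.
  if (header.alg !== "RS256") return { ok: false, reason: "bad_alg" };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sig = Buffer.from(parts[2], "base64url");
  if (!crypto.verify("RSA-SHA256", signed, publicKey, sig)) return { ok: false, reason: "bad_signature" };
  if (claims.iss !== expected.issuer) return { ok: false, reason: "bad_issuer" };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.audience)) return { ok: false, reason: "bad_audience" };
  // Clock skew tolerance: accept exp/nbf that are off by at most skewSec seconds.
  const skew = expected.skewSec ?? 0;
  if (typeof claims.exp !== "number" || nowSec > claims.exp + skew) return { ok: false, reason: "expired" };
  if (typeof claims.nbf === "number" && nowSec + skew < claims.nbf) return { ok: false, reason: "not_yet_valid" };
  const granted = new Set(String(claims.scope ?? "").split(" ").filter(Boolean));
  const missing = (expected.scopes ?? []).filter((s) => !granted.has(s));
  if (missing.length) return { ok: false, reason: `missing_scope:${missing.join(",")}` };
  return { ok: true, claims };
}

// Constructed test material: a throwaway key pair and tokens minted locally.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
function mint(claims, header = { alg: "RS256", typ: "JWT" }) {
  const body = `${b64u(header)}.${b64u(claims)}`;
  const sig = header.alg === "RS256"
    ? crypto.sign("RSA-SHA256", Buffer.from(body), privateKey).toString("base64url")
    : "";
  return `${body}.${sig}`;
}
const NOW = 1700000000; // fixed clock so results are reproducible
const EXPECTED = { issuer: "https://tenant.example/", audience: "https://api.example/", scopes: ["read:items"], skewSec: 30 };
const BASE = { iss: EXPECTED.issuer, aud: [EXPECTED.audience], scope: "read:items", exp: NOW + 60 };
```

In a deployed API the verification key comes from the issuer's published signing keys rather than a locally generated pair.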
See Log Events for more details on each of the log events that can help you troubleshoot issues.
- Learn Identity Video: Calling an API
- Best Practices: Minimize API requests
- Best Practices: Consider use of explicit timeouts when making API calls
- Call APIs Using the Implicit Flow
- Call APIs Using the Client Credentials Flow
- Call APIs Using the Authorization Code Flow
- Call APIs Using Authorization Code Flow with PKCE
- Call APIs Using Device Authorization Flow
- Call APIs Using Hybrid Flow
- Call Identity Provider APIs
- Call APIs with Auth0 Tokens
- Call APIs from Highly Trusted Applications
- Call APIs from Machine-to-Machine Applications
- Call AWS APIs and Resources Securely with Tokens