Specify audience in Oauth 2.0 Client Credentials flow #4663
Description
Hi, I'm trying to test the built in securityIn with client credentials flow but getting an error because I haven't specified an audience on this server I set up in auth0.
val oauthToken = apiEndpoint
.in("oauth" / "client")
.securityIn(auth.oauth2.clientCredentialsFlow("https://<omitted>.us.auth0.com/oauth/token"))
.out(stringBody)
curL created by Tapir/Swagger
curl 'https://<omitted>.us.auth0.com/oauth/token' \
-H 'accept: application/json, text/plain, */*' \
-H 'accept-language: en-US,en;q=0.9' \
-H 'authorization: Basic <omitted>' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'dnt: 1' \
-H 'origin: http://localhost:8083' \
-H 'priority: u=1, i' \
-H 'referer: http://localhost:8083/' \
-H 'sec-ch-ua: "Chromium";v="137", "Not/A)Brand";v="24"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'sec-fetch-dest: empty' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-site: cross-site' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36' \
-H 'x-requested-with: XMLHttpRequest' \
--data-raw 'grant_type=client_credentials'
Auth0's sample request on how they want it to look like.
curl --request POST \
--url https://<omitted>.us.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{
"client_id":"<omitted>",
"client_secret":".<omitted>",
"audience":"https:/<omitted>.us.auth0.com/api/v2/",
"grant_type":"client_credentials"
}'
Right now I'm getting this error in my Swagger:
EDIT: I can get around this by specifying a default audience in Auth0 but this question is still relevant.