我正在尝试使用Auth0进行身份验证并获取用户数据。
import json
import requests
payload = {
'grant_type': 'password',
'username': '********',
'password': '********',
'client_id': '********',
'connection': 'Username-Password-Authentication',
'scope': 'openid'
# 'scope': 'openid, read:clients, read:client_keys'
# 'scope': 'read:clients'
}
base = 'https://********.auth0.com'
url = base + '/oauth/ro'
response = requests.post(url, data=payload)
response = json.loads(response.content)
headers = {"Authorization": "bearer " + response["id_token"]}
response = requests.get(base + '/api/v2/clients/joebloggs', headers=headers).json()
print response
我一直在得到的是
{u'errorCode': u'insufficient_scope', u'message': u'Insufficient scope, expected any of: read:clients,read:client_keys', u'error': u'Forbidden', u'statusCode': 403}
究竟出了什么问题,怎么办?
答案 0 :(得分:3)
您不能将id_token用于Auth0 API。您需要API的特定令牌(v2)(在您的情况下,您需要read:client范围)。见这里:https://auth0.com/docs/api/management/v2