Check Management API Calls and Other API Calls to Troubleshoot Auth0 Issues
Checking Application Programming Interface (API) calls helps isolate the source of authentication and authorization issues in Auth0. Verify Management API calls and other API calls by inspecting access tokens, scopes, and network logs to resolve unexpected behavior.
- Auth0
- Application Programming Interface (API)
- Troubleshooting
How are the Management API calls checked for troubleshooting?
Perform the following checks to verify Management API calls and ensure access tokens function correctly.
- Verify the presence of a Management API Access Token.
- Verify that the access token remains valid and unexpired.
- Verify that the access token contains the scopes needed for the executed call.
- Verify that any rule that adjusts the scopes in the access token or checks user permissions executes correctly.
- Obtain the access token from an HTTP Archive (HAR) file and test it in the Auth0 Management API Explorer to verify functionality.
NOTE: Remove or obfuscate all sensitive data, including confidential user information, Personally Identifiable Information (PII), and application information, before sharing a HAR file. Review the Related References section for more information on sanitizing HTTP traces.
- Rules do not execute when the Auth0 Management API is called from an application that authenticates with the Client Credentials Flow. Use an Action in the Machine-to-Machine Flow on the credentials-exchange trigger to achieve functionality similar to a rule.
How are other API calls checked for troubleshooting?
Perform the following checks to verify other API calls and resolve access token validation errors.
- Check the HAR file to ensure the access token contains the correct scopes to call the API.
- Check if the response to the /authorize endpoint call contains a scopes object. If a scopes object exists, verify whether the returned scopes differ from the requested scopes.
- Ensure the API validates the Access Token. The API must validate the audience, issuer, client, signature algorithm, signature, claims, and permissions.
- Resolve access token expiration errors caused by clock skew differences across different systems or language libraries (such as Java and Node.js) by running Network Time Protocol (NTP) on servers and configuring a clock skew tolerance in libraries used to validate tokens, such as jwt.verify.
NOTE: Review the Monitoring page for more details on each log event that can assist with troubleshooting.
Related References
- Sanitizing HTTP Traces
- How to Sanitize an HTTP Trace File Automatically
- How to Manually Redact Sensitive Information
- HAR File is Too Large to Upload to the Support Case
- Call Your API Using the Authorization Code Flow with PKCE
- Call Your API Using the Authorization Code Flow
- Call Your API Using the Client Credentials Flow
- Call Your API Using the Device Authorization Flow