If you’re using a machine-to-machine (M2M) application to request tokens or call APIs, you may encounter errors related to token generation or usage.
This guide covers the most common issues and how to resolve them.
These errors occur when calling the token endpoint (/oauth2/token).
invalid_client
Cause: client_id or client_secret is incorrect
Fix:
unauthorized_client
Cause:
Fix:
invalid_scope
Cause:
Fix:
invalid_request
Cause: audience, unsupported grant_type
Fix:
grant_type=client_credentials
client_id, client_secret, and audience
application/x-www-form-urlencoded
These occur when using the token to call Kinde or your own API.
401 Unauthorized
Cause: Authorization header
Fix:
Authorization: Bearer <token>
exp claim)
403 Forbidden
Cause: org_code doesn’t match the route or resource
Fix:
org_code and compare to the resource being accessed
scopes and ensure the required permission is present
org_code
Cause:
Fix:
org_code, create an org-scoped M2M app
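
The 401 and 403 checks described above (the exp claim, org_code, and scopes) can be scripted. The following is an added example, not Kinde's code: it reads the token payload without verifying the signature, so it is a troubleshooting aid and not an authorization check. The function names, the acceptance of scopes as either a list or a space-separated string, and the sample-token helper are assumptions.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the JWT payload as a dict WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def diagnose(token, expected_org=None, required_scope=None, now=None):
    """Map token claims to the likely 401/403 cause; an empty list means none found."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except (ValueError, TypeError) as err:  # base64 and JSON errors are ValueErrors
        return [f"401: token is malformed ({err})"]
    findings = []
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        findings.append("401: no usable exp claim")
    elif exp <= now:
        findings.append(f"401: token expired {int(now - exp)}s ago, request a new one")
    if expected_org is not None:
        org = claims.get("org_code")
        if org is None:
            findings.append("org_code claim missing: use an org-scoped M2M app")
        elif org != expected_org:
            findings.append(f"403: org_code {org!r} does not match resource org {expected_org!r}")
    if required_scope is not None:
        scopes = claims.get("scopes", [])
        if isinstance(scopes, str):  # assumption: tolerate a space-separated string
            scopes = scopes.split()
        if required_scope not in scopes:
            findings.append(f"403: required scope {required_scope!r} not in token")
    return findings


def make_sample_token(claims):
    """Build an unsigned, constructed token for demos; not a real Kinde token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.constructed-signature"
```

The API receiving the token must still validate the signature; an empty result here only rules out the claim mismatches listed above.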