"client not found" on `POST /oauth/v2/token` when using `client_credentials` grant type flow
Original message was deleted
Fhey, great that you find the solution already.
On auth0 I think the do something like that indeed.
We though chose to make it explicit, but sometimes this impacts the UX a little
On auth0 I think the do something like that indeed.
We though chose to make it explicit, but sometimes this impacts the UX a little
HI'm still stuck with the same issue even after creating a service user and assigning the project role.
Details:
ā¢ The API application is configured with Basic authentication.
ā¢ The Client ID is correct ā triple-checked.
ā¢ The service user exists, has the required project role, and the API app is assigned.
ā¢ I'm using standard client_credentials flow exactly as in the docs.
Request:
POST /oauth/v2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(clientId:clientSecret)>
grant_type=client_credentials
scope=openid profile
Response:
400 Bad Request
{
error: "invalid_client",
error_description: "client not found"
}
At this point it feels like ZITADEL simply doesn't recognize the client ID at all. If there's an extra step required beyond creating a service user + linking roles, it isn't documented anywhere. Any ideas on what could cause the token endpoint to not see the client?
Details:
ā¢ The API application is configured with Basic authentication.
ā¢ The Client ID is correct ā triple-checked.
ā¢ The service user exists, has the required project role, and the API app is assigned.
ā¢ I'm using standard client_credentials flow exactly as in the docs.
Request:
POST /oauth/v2/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(clientId:clientSecret)>
grant_type=client_credentials
scope=openid profile
Response:
400 Bad Request
{
error: "invalid_client",
error_description: "client not found"
}
At this point it feels like ZITADEL simply doesn't recognize the client ID at all. If there's an extra step required beyond creating a service user + linking roles, it isn't documented anywhere. Any ideas on what could cause the token endpoint to not see the client?