Forum Discussion

think-about-it's avatar
think-about-it
New Contributor
7 years ago

SoapUI 5.4.0 Client Credentials Grant - Get Access Token failure

I'm trying to use SoapUI 5.4.0 "Get Token" functionality to get the access token for Client Credenttials OAuth2.

It fails with the error "Could not retrieve access token ...".

 

I'm running an Oracle ORDS server (17.4.1.353.06.48) in Standalone mode, HTTPS with a self-signed certificate.

I can successfully retrieve a token using curl UNIX command and also Advanced REST client.

 

I turned on logging on the ORDS server and the only difference I can spot is that SoapUI is not sending any Authorization with the Client Id and Client Secret.

 

SoapUI - this fails

POST /ords/dev/oauth/token HTTP/1.1

Host: 192.168.10.2

Connection: keep-alive

User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

Host: 192.168.10.2:8443

Content-Length: 103

Content-Type: application/x-www-form-urlencoded

 

curl - this works

POST /ords/dev/oauth/token HTTP/1.1

Host: 192.168.10.2

Authorization: Basic encrypted_client_id/secret

User-Agent: curl/7.56.1

Host: 192.168.10.2:8443

Accept: */*

Content-Length: 29

Content-Type: application/x-www-form-urlencoded

 

 

  • JHunt's avatar
    JHunt
    Community Hero
    7 years ago

    Some clients will request without authentication details. The idea is that the server will respond with a HTTP 401 response that includes a list of supported authentication types. Only once it is known what types will be accepted, the request is made again with the authentication details for the preferred authentication type.

     

    In SoapUI, there is an option for 'Authenticate Preemptively' to send the chosen authentication type on the first attempt. This is on each request, or globally in Preferences > HTTP Settings.

    • think-about-it's avatar
      think-about-it
      New Contributor
      7 years ago

      Thanks, I've set the global value (Preferences > HTTP Settings) but still no luck. I was unable to find the setting at the Request level.

      Does that setting apply to SoapUIs "Get Token" requests or just to user defined requests?

      • Palou's avatar
        Palou
        New Contributor
        6 years ago

        Hi,

        I have exactly the same issue with my OAuth Token retrieval.

        In curl, the HTTP header Authorization is used to pass the client_id and client_secret.

        With SoapUI 5.4.0, these 2 elements are send in the Body of the request, the oauth server is rejecting the request since it is expecting the HTTP header Authorization.

         

        It seems to be a bug in SoapUI.

         

        /Palou