Forum Discussion

waqas786uk's avatar
waqas786uk
Visitor
10 years ago

Request an oAuth2 token without "Client Secret"

Hi Guys,

 

I'm trying to add support for oAuth2 to my requests. I am using the "Authorisation Code Grant" flow to get a token from the server. Now, my server does not have a Client Secret so I have not entered one in the required field in the dialog. Right now my request details looks like this (sensitive info redacted):

 

soap_oauth.png

 

The problem is that when I try to get the Access Token SOAP UI returns "Invalid OAuth 2 parameters: Client Secret is empty" error. Is there a value I can enter into the field to make SOAPUI ignore the Client Secret? Is there any other workaround for this (wildcard etc?). Any hep would be appreciated.

 

Thanks,

Waqas

  • kevinds89's avatar
    kevinds89
    New Contributor

    This has been very frustrating for me and I'm now writing this 3 years after your post. Anyways I've gotten around it a little by using some code in the automation section. Hopefully this helps any other poor souls. I grab the auth code from my redirect URI, then I post it manually and use a page that simply displays my URL to me. This way I can copy and paste into SOAP UI. Not a great workflow but stops me from having to open PostMan or something else.

     

    if(document.URL.startsWith("<redirect URI>")) {
    var code = document.URL.split('?')[1].split('=')[1];
    var URL = "<Token URL> ";
    var xhr = new XMLHttpRequest();
    xhr.open('POST', URL, false);
    var body = "&grant_type=authorization_code&code=" + code + "&redirect_uri=<redirect URI>&client_id=${#Project#ClientId}";
    xhr.setRequestHeader('Content-Type',"application/x-www-form-urlencoded");
    xhr.send(body);
    var theResponse = JSON.parse(xhr.response);
    var token = theResponse.access_token;
    this.location = "<reflection page URL>?access_token=" + token;
    }