Ask a Question

SoapUI 5.4.0 Client Credentials Grant - Get Access Token failure

New Contributor

SoapUI 5.4.0 Client Credentials Grant - Get Access Token failure

I'm trying to use SoapUI 5.4.0 "Get Token" functionality to get the access token for Client Credenttials OAuth2.

It fails with the error "Could not retrieve access token ...".


I'm running an Oracle ORDS server ( in Standalone mode, HTTPS with a self-signed certificate.

I can successfully retrieve a token using curl UNIX command and also Advanced REST client.


I turned on logging on the ORDS server and the only difference I can spot is that SoapUI is not sending any Authorization with the Client Id and Client Secret.


SoapUI - this fails

POST /ords/dev/oauth/token HTTP/1.1


Connection: keep-alive

User-Agent: Apache-HttpClient/4.1.1 (java 1.5)


Content-Length: 103

Content-Type: application/x-www-form-urlencoded


curl - this works

POST /ords/dev/oauth/token HTTP/1.1


Authorization: Basic encrypted_client_id/secret

User-Agent: curl/7.56.1


Accept: */*

Content-Length: 29

Content-Type: application/x-www-form-urlencoded



Community Hero

Some clients will request without authentication details. The idea is that the server will respond with a HTTP 401 response that includes a list of supported authentication types. Only once it is known what types will be accepted, the request is made again with the authentication details for the preferred authentication type.


In SoapUI, there is an option for 'Authenticate Preemptively' to send the chosen authentication type on the first attempt. This is on each request, or globally in Preferences > HTTP Settings.

Thanks, I've set the global value (Preferences > HTTP Settings) but still no luck. I was unable to find the setting at the Request level.

Does that setting apply to SoapUIs "Get Token" requests or just to user defined requests?


I have exactly the same issue with my OAuth Token retrieval.

In curl, the HTTP header Authorization is used to pass the client_id and client_secret.

With SoapUI 5.4.0, these 2 elements are send in the Body of the request, the oauth server is rejecting the request since it is expecting the HTTP header Authorization.


It seems to be a bug in SoapUI.



@Palou - Make sure MediaType as xxx-form-urlencoded and select Post query string. Add a header with content type as app/x-www-form-urlencoded. Screen shot below.





Showing results for 
Search instead for 
Did you mean: