SoapUI 5.4.0 Client Credentials Grant - Get Access Token failure
I'm trying to use SoapUI 5.4.0 "Get Token" functionality to get the access token for Client Credentials OAuth2.
It fails with the error "Could not retrieve access token ...".
I'm running an Oracle ORDS server (17.4.1.353.06.48) in Standalone mode, HTTPS with a self-signed certificate.
I can successfully retrieve a token using the curl UNIX command and also Advanced REST client.
I turned on logging on the ORDS server and the only difference I can spot is that SoapUI is not sending any Authorization with the Client Id and Client Secret.
SoapUI - this fails
POST /ords/dev/oauth/token HTTP/1.1
Host: 192.168.10.2
Connection: keep-alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Host: 192.168.10.2:8443
Content-Length: 103
Content-Type: application/x-www-form-urlencoded
curl - this works
POST /ords/dev/oauth/token HTTP/1.1
Host: 192.168.10.2
Authorization: Basic encrypted_client_id/secret
User-Agent: curl/7.56.1
Host: 192.168.10.2:8443
Accept: */*
Content-Length: 29
Content-Type: application/x-www-form-urlencoded
Some clients will request without authentication details. The idea is that the server will respond with an HTTP 401 response that includes a list of supported authentication types. Only once it is known what types will be accepted, the request is made again with the authentication details for the preferred authentication type.
In SoapUI, there is an option for 'Authenticate Preemptively' to send the chosen authentication type on the first attempt. This is on each request, or globally in Preferences > HTTP Settings.
Thanks, I've set the global value (Preferences > HTTP Settings) but still no luck. I was unable to find the setting at the Request level.
Does that setting apply to SoapUI's "Get Token" requests or just to user-defined requests?
Hi,
I have exactly the same issue with my OAuth Token retrieval.
In curl, the HTTP header Authorization is used to pass the client_id and client_secret.
With SoapUI 5.4.0, these 2 elements are sent in the Body of the request, and the oauth server is rejecting the request since it is expecting the HTTP header Authorization.
It seems to be a bug in SoapUI.
/Palou
@Palou - Make sure MediaType is set as xxx-form-urlencoded and select Post query string. Add a header with content type as app/x-www-form-urlencoded. Screen shot below.
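The two request shapes compared in this thread, as an added example that is not code from any of the posters or from SoapUI or ORDS: it builds a client_credentials token request with the credentials in the `Authorization: Basic` header (a base64 encoding of `client_id:client_secret`) and with them in the form body, and classifies a captured request by where they sit. The credentials are constructed placeholders and the function names are hypothetical; note that the header form yields a 29-byte body, matching the `Content-Length: 29` of the curl capture above.

```python
import base64
from urllib.parse import urlencode, parse_qs, quote_plus

# Constructed placeholder credentials, not values from the thread.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"


def build_token_request(client_id, client_secret, style):
    """Return (headers, body) for a client_credentials token request.

    style="basic": credentials in the Authorization header (the curl capture).
    style="post":  credentials in the form body (what the thread reports
                   SoapUI 5.4.0 sending).
    """
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}
    if style == "basic":
        # RFC 6749 section 2.3.1: form-encode each value, join with ":",
        # then base64. The form-encoding is a no-op for the values above.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode()).decode()
        headers["Authorization"] = "Basic " + token
    elif style == "post":
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError("style must be 'basic' or 'post'")
    body = urlencode(form).encode()
    headers["Content-Length"] = str(len(body))
    return headers, body


def classify_client_auth(headers, body):
    """Say where a captured token request carries the client credentials."""
    lowered = {k.lower(): v for k, v in headers.items()}
    in_header = lowered.get("authorization", "").lower().startswith("basic ")
    fields = parse_qs(body.decode())
    in_body = "client_id" in fields and "client_secret" in fields
    if in_header and in_body:
        return "header+body"  # RFC 6749 section 2.3 allows only one method
    if in_header:
        return "header"
    return "body" if in_body else "none"


if __name__ == "__main__":
    for style in ("basic", "post"):
        hdrs, data = build_token_request(CLIENT_ID, CLIENT_SECRET, style)
        print(style, classify_client_auth(hdrs, data), hdrs["Content-Length"])
```

Running `classify_client_auth` over the headers and body logged by the token endpoint shows which of the two forms a given client actually sent.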
