Request an oAuth2 token without "Client Secret"

waqas786uk · ‎02-03-2015

Hi Guys,

I'm trying to add support for oAuth2 to my requests. I am using the "Authorisation Code Grant" flow to get a token from the server. Now, my server does not have a Client Secret so I have not entered one in the required field in the dialog. Right now my request details looks like this (sensitive info redacted):

The problem is that when I try to get the Access Token SOAP UI returns "Invalid OAuth 2 parameters: Client Secret is empty" error. Is there a value I can enter into the field to make SOAPUI ignore the Client Secret? Is there any other workaround for this (wildcard etc?). Any hep would be appreciated.

Thanks,

Waqas

kevinds89 · ‎12-31-2018

This has been very frustrating for me and I'm now writing this 3 years after your post. Anyways I've gotten around it a little by using some code in the automation section. Hopefully this helps any other poor souls. I grab the auth code from my redirect URI, then I post it manually and use a page that simply displays my URL to me. This way I can copy and paste into SOAP UI. Not a great workflow but stops me from having to open PostMan or something else.

if(document.URL.startsWith("<redirect URI>")) {
var code = document.URL.split('?')[1].split('=')[1];
var URL = "<Token URL> ";
var xhr = new XMLHttpRequest();
xhr.open('POST', URL, false);
var body = "&grant_type=authorization_code&code=" + code + "&redirect_uri=<redirect URI>&client_id=${#Project#ClientId}";
xhr.setRequestHeader('Content-Type',"application/x-www-form-urlencoded");
xhr.send(body);
var theResponse = JSON.parse(xhr.response);
var token = theResponse.access_token;
this.location = "<reflection page URL>?access_token=" + token;
}