cancel
Showing results for 
Search instead for 
Did you mean: 

oAuth Client Credentials Grant

Highlighted
New Contributor

oAuth Client Credentials Grant

Hello, I just pulled down Ready API and am trying the oAuth client crednetials grant flow from the Auth Manager wizard.  I have properly populated the Client ID, Client Secret, Access Token URI, and scope and verified the values with a home grown JUnit test.  I attempted to retrieve an access token using the "Get Access Token" button and result in the below output for each of the listed log files.

 

The client id and credentials are set and displayed per the following line in the HTTP log file:

grant_type=client_credentials&scope=create&client_secret=[CLIENT SECRET IS CORRECT]&client_id=bDjqy4CPfadQlpLT

 

I also checked to see if there was an update, but i am on the latest version of the product.

 

Additional Info

The oAuth server is a Spring Boot 1.3.1 app running under java 1.8.  My guess bassed on what is being logged is that the request to obtain the access token includes client_secret & client_id as parameters rather than basic auth "Authorization Basic" encoded header value - as does the home grown JUnit test. 

 

I am able to manually retrieve an "access token" and set it manually and SOAP UI works but this requires manual steps outside of soap ui.  Any suggestions for a correction or good work around?

 

Ready! API log

Mon Feb 08 16:44:22 CST 2016:ERROR:An error occurred [OAuthProblemException{error='unauthorized', description='Full authentication is required to access this resource', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}], see error log for details
Mon Feb 08 16:44:22 CST 2016:ERROR:An error occurred [org.apache.oltu.oauth2.common.exception.OAuthSystemException: OAuthProblemException{error='unauthorized', description='Full authentication is required to access this resource', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}], see error log for details

 

HTTP Log:

Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "CONNECT [URL TO OUR OAUTH SERVER IS CORRECT]:443 HTTP/1.1[\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "Host: [URL TO OUR OAUTH SERVER IS CORRECT][\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "Proxy-Connection: Keep-Alive[\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "User-Agent: Apache-HttpClient/4.3.1 (java 1.5)[\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: << "HTTP/1.1 200 Connection established[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: << "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "POST /oauth/token HTTP/1.1[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Content-Length: 100[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Host:[URL TO OUR OAUTH SERVER IS CORRECT][\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Connection: Keep-Alive[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "User-Agent: Apache-HttpClient/4.3.1 (java 1.5)[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "grant_type=client_credentials&scope=create&client_secret=[CLIENT SECRET IS CORRECT]&client_id=bDjqy4CPfadQlpLT"

 

 

3 REPLIES 3
Highlighted
Community Manager

Hi Evonhaden,

 

I suggest that you check if you see the same issue when using the latest maintenance build. You can download it here: https://support.smartbear.com/downloads/readyapi/nightly-builds/

 

If the issue persists, could you please contact our Ready! API Support Team? They will investigate the issue and provide your with a solution.

 

---------
Tanya Gorbunova
SmartBear Community Manager

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
Highlighted

Hello Tanya,

 

I did pull down the latest snapshot.  But, I had the same problem.  I have another developer seeing the same issue.  Per the spring oAuth client implementation that works against the oAuth 2.0 authorization server, it appears that the problem could be that the oAuth 2.0 request being passed from the SoapUI client is not passing a header as a Authorization with a value of "Bearer [OAUTH 2.0 TOKEN].

Highlighted

Hi Evonhaden,

 

Thanks for letting me know this. I would appreciate it if you submitted the issue to our Support Team.

---------
Tanya Gorbunova
SmartBear Community Manager

Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
New Here?
Join us and watch the welcome video:
Announcements
Top Kudoed Authors