Forum Discussion

evonhaden
New Contributor
9 years ago

oAuth Client Credentials Grant

Hello, I just pulled down Ready API and am trying the oAuth client credentials grant flow from the Auth Manager wizard. I have properly populated the Client ID, Client Secret, Access Token URI, and scope and verified the values with a home grown JUnit test. I attempted to retrieve an access token using the "Get Access Token" button, which resulted in the output below for each of the listed log files.

The client id and credentials are set and displayed per the following line in the HTTP log file:

grant_type=client_credentials&scope=create&client_secret=[CLIENT SECRET IS CORRECT]&client_id=bDjqy4CPfadQlpLT

 

I also checked to see if there was an update, but I am on the latest version of the product.

Additional Info

The oAuth server is a Spring Boot 1.3.1 app running under Java 1.8. My guess based on what is being logged is that the request to obtain the access token includes client_secret & client_id as parameters rather than basic auth "Authorization Basic" encoded header value - as does the home grown JUnit test.

I am able to manually retrieve an "access token" and set it manually and SOAP UI works, but this requires manual steps outside of SOAP UI. Any suggestions for a correction or good workaround?

Ready! API log

Mon Feb 08 16:44:22 CST 2016:ERROR:An error occurred [OAuthProblemException{error='unauthorized', description='Full authentication is required to access this resource', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}], see error log for details
Mon Feb 08 16:44:22 CST 2016:ERROR:An error occurred [org.apache.oltu.oauth2.common.exception.OAuthSystemException: OAuthProblemException{error='unauthorized', description='Full authentication is required to access this resource', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}], see error log for details

 

HTTP Log:

Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "CONNECT [URL TO OUR OAUTH SERVER IS CORRECT]:443 HTTP/1.1[\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "Host: [URL TO OUR OAUTH SERVER IS CORRECT][\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "Proxy-Connection: Keep-Alive[\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "User-Agent: Apache-HttpClient/4.3.1 (java 1.5)[\r][\n]"
Mon Feb 08 16:44:21 CST 2016:DEBUG: >> "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: << "HTTP/1.1 200 Connection established[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: << "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "POST /oauth/token HTTP/1.1[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Content-Length: 100[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Host:[URL TO OUR OAUTH SERVER IS CORRECT][\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Connection: Keep-Alive[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "User-Agent: Apache-HttpClient/4.3.1 (java 1.5)[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "grant_type=client_credentials&scope=create&client_secret=[CLIENT SECRET IS CORRECT]&client_id=bDjqy4CPfadQlpLT"
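
The question raised in the post, whether the client credentials travel as form parameters or in an "Authorization: Basic" header, can be checked from the HTTP log itself. The following is an added example, not code from this thread or from Ready API: it parses outbound lines in that log format, classifies the client authentication method (labels borrowed from OAuth client registration metadata), and builds the header form defined in RFC 6749 section 2.3.1. The sample log, host, client id and secret are constructed placeholders, and the function names are hypothetical.

```python
import base64
import re
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed sample in the post's HTTP-log format; host, client id and secret are placeholders.
SAMPLE_LOG = r'''
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "POST /oauth/token HTTP/1.1[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Content-Type: application/x-www-form-urlencoded[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "Host: auth.example.test[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "[\r][\n]"
Mon Feb 08 16:44:22 CST 2016:DEBUG: >> "grant_type=client_credentials&scope=create&client_secret=s3cret%2Fvalue&client_id=example-client"
'''

OUTBOUND = re.compile(r'DEBUG: >> "(.*)"\s*$')   # lines the client sent

def parse_token_request(log):
    """Rebuild request line, headers and form body from the outbound log lines."""
    lines = [m.group(1).replace("[\\r][\\n]", "")
             for m in map(OUTBOUND.search, log.splitlines()) if m]
    start = next(i for i, l in enumerate(lines) if l.startswith("POST "))
    lines = lines[start:]                        # skip a preceding proxy CONNECT
    blank = lines.index("")                      # empty line ends the header block
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in lines[1:blank])}
    form = {k: v[0] for k, v in parse_qs("".join(lines[blank + 1:])).items()}
    return {"request_line": lines[0], "headers": headers, "form": form}

def client_auth_method(req):
    """Classify how the client authenticated (RFC 6749 section 2.3.1)."""
    if req["headers"].get("authorization", "").lower().startswith("basic "):
        return "client_secret_basic"             # credentials in the header
    return "client_secret_post" if "client_secret" in req["form"] else "none"

def to_basic(req):
    """Same request with the credentials moved into an Authorization: Basic header."""
    form = dict(req["form"])
    cid, secret = form.pop("client_id"), form.pop("client_secret")
    # RFC 6749 2.3.1: form-urlencode id and secret, join with ':', then base64.
    token = base64.b64encode(f"{quote_plus(cid)}:{quote_plus(secret)}".encode()).decode()
    headers = dict(req["headers"], authorization=f"Basic {token}")
    return {"request_line": req["request_line"], "headers": headers,
            "form": form, "body": urlencode(form)}

if __name__ == "__main__":
    before = parse_token_request(SAMPLE_LOG)
    after = to_basic(before)
    print(client_auth_method(before), "->", client_auth_method(after))
    print(after["body"])
```

RFC 6749 requires a token endpoint to accept the Basic header from clients that hold a secret and makes support for body parameters optional, so a log classified as `client_secret_post` only works against a server that opts in to that method.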

 

 

3 Replies

    • evonhaden
      New Contributor

      Hello Tanya,

      I did pull down the latest snapshot. But, I had the same problem. I have another developer seeing the same issue. Per the spring oAuth client implementation that works against the oAuth 2.0 authorization server, it appears that the problem could be that the oAuth 2.0 request being passed from the SoapUI client is not passing a header as an Authorization with a value of "Bearer [OAUTH 2.0 TOKEN]".

      • TanyaYatskovska
        SmartBear Alumni (Retired)

        Hi Evonhaden,

        Thanks for letting me know this. I would appreciate it if you submitted the issue to our Support Team.