I'm testing the WSO2 Identity server using the Oauth 2.0 with a Python login application. The routine which I adjusted from another IdP server, throws an error at the token authorization step, after successfully passing through step 1 which is obtaining the request code. The error returning from the WSO2 server is:
"Provided Authorization Grant is invalid"
Console Log
*** start of login ***
Code received = 23618215e0ee701b973f548a3f8e7dda
Token Request Answered = <Response [400]>
Token Request Text = {"error":"invalid_grant","error_description":"Provided Authorization Grant is invalid."}
Token Request URL = https://extbasicpacman05.podc.sl.edst.red.com:9443/oauth2/token
Token Request Encoding = None
Code:
#print "Send Token Request now"
# prepare lookup of token using code as input
verify='/home/claudef/tmp/oauth_2/oauth/wso2.pem'
url = "https://extbasicpacman05.podc.sl.edst.red.com:9443/oauth2/token"
payload = { 'client_id': client_id, 'client_secret': client_secret, 'grant_type': 'authorization_code', 'code': str(code), 'redirect_uri': 'http://localhost/resources/oauth2Callback' }
urllib.urlencode(payload)
headers = { 'application' : 'x-www-form-urlencoded' }
r = requests.post(url, data=payload, headers=headers, verify=verify)
print "Token Request Answered = " + str(r)
print "Token Request Text = " + str(r.text)
print "Token Request URL = " + str(r.url)
print "Token Request Encoding = " + str(r.encoding)
Any hint how to fix the authorization grant using a code value is welcome.
Just identified the error cause, indeed its a coding error, as the callback URL contained a missing port definition. I've corrected the statements to the new setting and the token returned successfully from the WSO2 server. The problem is solved.
The error message "invalid grant" is somehow confusing, maybe a suggestion
for future improvements.
verify='/home/claudef/tmp/oauth2/oauth/wso2.pem'
url = "https://extbasicpacman05.podc.sl.edst.red.com:9443/oauth2/token"
payload = { 'client_id': client_id, 'client_secret': client_secret, 'grant_type': 'authorization_code', 'code': str(code), 'redirect_uri': 'http://localhost:8080/resources/oauth2Callback'}
urllib.urlencode(payload)
headers = { 'application' : 'x-www-form-urlencoded' }
r = requests.post(url, data=payload, headers=headers, verify=verify)
Related
I am trying to implement sign in with apple for my android app. I am able to login using apple id but while verifying token I am getting "invalid_client" error. I read few blogs where they were saying the problem can be with JWT token. I tried to use different method to sign JWT token but still the error is same. I am doing all these things from backend which is in RoR (Using rails 7.0.4). Following is the piece of code how I am encoding JWT token and trying to validate it on Apple server:
# I have .p8 file which I have downloaded from Apple developer portal for Sign in with Apple
def private_key
key_path = "path_to_p8_key_file_path"
OpenSSL::PKey::EC.new(IO.read(key_file_path))
end
def client_secret
payload = {
iss: "team_id",
iat: Time.now.to_i,
exp: Time.now.to_i + 3600,
aud: "https://appleid.apple.com",
sub: "my_reveresed_subdomain.service_id"
}
headers = { kid: "p8_key_id"}
JWT.encode(payload, private_key, 'ES256', headers)
end
def validate_token
token_url = "https://appleid.apple.com/auth/token"
body = {
client_id: "my_reveresed_subdomain.service_id",
client_secret: client_secret,
code: "code_received_from_apple_authorize_response",
grant_type: "authorization_code",
redirect_uri: "https_redirect_url"
}
response =
Faraday.post(url) do |req|
req.body = JSON.dump(body)
end
put "Response: #{response}" # here I get invalid_client error everytime
end
Following ways I have tried but still getting the same invalid_client error.
I tried to encode JWT token by converting p8 key to pem
Tried to change client id from service id to bundle id (App id which is reversed subdomain only)
Tried adding payload and headers on https://jwt.io/ website and used the encoded token
Can anyone help me to solve this error?
Thanks in advance.
I am trying to POST a payload to the web server using Simple.OData.Client in .Net application.
I have the following parameters:
Authorization = 'OAuth 2.0'
Grand Type = 'Authorization Code'
Callback URL = 'https://myserver.com/*'
Auth URL = 'https://myserver.com/auth'
Access Token URL = 'https://myserver/token'
Client ID = 'id'
Client Secret = 'secret'
Scope = 'openid'
Token Name = 'name'
I also have URL and endpoint for POST.
Using these parameters I can get Access Token and POST data successfully using Postman, the problem is to implement that on C#.
As I understand it has to be 2 steps process: get Access Token, post.
Could someone provide code for getting Access Token?
I follow hipchat site and try to get an add-on token
https://developer.atlassian.com/hipchat/guide/hipchat-rest-api/api-access-tokens?_ga=2.94621780.975509804.1497491262-871504840.1479901346#APIaccesstokens-Add-ongeneratedtokens
I have the following code:
import requests
secret = 'hipchat_secret'
headers = {'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': 'Basic {}'.format(secret)}
url = 'https://api.hipchat.com/v2/oauth/token?grant_type=client_credentials&scope=send_notification+admin_room'
res = requests.post(url, headers=headers)
But it gives me a 500 Internal Server Error. What is wrong with my code?
The mistake was I used v1 token.
It works perfect when I switch to v2
I am facing an issue with the oauth access token generation using WSO2 identity server as authentication server.The access token is not getting generated.
I have followed the steps in the below url -
http://wso2.com/library/articles/2015/09/article-how-to-generate-api-manager-access-tokens-using-multi-factor-authentication/
Instead of the second level of yahoo authentication, I have included my customized AuthServer authentication.This AuthServer code is responsible of handling the OAuth 2.0 tokens and clients details.
Program flow
I have an html which has a link on click of which hits the below url:-
https://localhost:8244/authorize?response_type=code&client_id=CeYYVyMbL2CAfoelSlUlZfFrwSQa&redirect_uri=https://localhost:8443/ClientProj/redirect.html
The client_id here is the client_id of the application in the API manager store.The redirect uri is the url of my sample client.
In the response header of the above request I am recieving the authorize code.This authorize code is used to get the actual access token as below request(POST)
Please help with a solution.
Did you try to use: 'grant_type': 'authorization_code' ?
Example (Python):
payload = { 'client_id': client_id, 'client_secret': client_secret, 'grant_type': 'authorization_code', 'code': str(code), 'redirect_uri': 'http://localhost:8080/resources/oauth2Callback'}
urllib.urlencode(payload)
headers = { 'application' : 'x-www-form-urlencoded' }
r = requests.post(url, data=payload, headers=headers, verify=verify)
# prepare lookup of token using code as input
url = "https://myserver.red.com:9443/token"
payload = { 'key': client_id, 'secret': client_secret, 'grant_type': 'authorization_code', 'code': str(code) }
urllib.urlencode(payload)
headers = { 'application' : 'x-www-form-urlencoded' }
r = requests.post(url, data=payload, headers=headers)
I'm trying to get an authorization token using the Username-Password flow (as described in the final section of this article).
I'm sending the following request (using Python's httplib, in case that's relevant):
https://login.salesforce.com/services/oauth2/token
POST data:
username=<un>&client_secret=<consumer_secret>&password=<pw+token>&grant_type=password&client_id=<consumer_key>
And getting the response:
400 Bad Request
{"error":"unsupported_grant_type","error_description":"grant type not supported"}
Is the password grant_type really unsupported, or am I missing something? It seems to give this error even when I'm sending a grant_type that definitely does work (such as authorization_code).
Note that I've tried the suggestions in the answer here, and they don't work for me.
Typically this is because the content-type header has not been set to the correct value, it should be application/x-www-form-urlencoded.
Also make sure your parameters are correctly encoded (especially if you're building the POST payload by hand).
Below is detailed function/logic on how to use grant_type=password oauth flow with salesforce.com in JAVA:
// Authenticate via OAuth
JSONObject response = oauthLogin();
System.out.println("Login response: " + response.toString(2));
if (!response.has("access_token")) {
throw new Exception("OAuth failed: " + response.toString());
}
..........................
private static JSONObject oauthLogin() throws Exception {
org.eclipse.jetty.client.HttpClient jettyHttpClient = new org.eclipse.jetty.client.HttpClient();
jettyHttpClient.start();
String url = LOGIN_SERVER + "/services/oauth2/token";
ContentExchange exchange = new ContentExchange();
exchange.setMethod("POST");
exchange.setURL(url);
String message = "grant_type=password&client_id=" + CLIENT_ID
+ "&client_secret=" + CLIENT_SECRET + "&username=" + USERNAME
+ "&password=" + PASSWORD;
exchange.setRequestHeader("Content-Type",
"application/x-www-form-urlencoded");
exchange.setRequestContentSource(new ByteArrayInputStream(message
.getBytes("UTF-8")));
jettyHttpClient.send(exchange);
exchange.waitForDone();
return new JSONObject(new JSONTokener(exchange.getResponseContent()));
}
You must set the grant_type as "password" in the form data. See below.
The form data should be passed ad
grant_type=password&username=nilavghosh%40gmail.com&password=******