Andrey Filyanin

Reputation: 87

WSO2 API Manager oAuth2 secret_token validation service problems

We have installed WSO2 API Manager without a standalone Identity Server (identity is embedded). When I try to check an OAuth2 user access_token with OAuth2TokenValidationService using this curl command:

curl --user apivalidatekey:apivalidatekey --header "Content-Type: text/xml" -k -d @soap.xml https://localhost:8243/services/OAuth2TokenValidationService/

where soap.xml is:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsd="http://org.apache.axis2/xsd"
 xmlns:xsd1="http://dto.oauth2.identity.carbon.wso2.org/xsd">
  <soapenv:Header/>
  <soapenv:Body>
    <xsd:validate>
      <!--Optional:-->
      <xsd:validationReqDTO>
        <!--Optional:-->
        <xsd1:accessToken>691e72a68e2f0e0c07a4236c14c485</xsd1:accessToken>
        <!--Optional:-->
        <xsd1:tokenType>bearer</xsd1:tokenType>
      </xsd:validationReqDTO>
    </xsd:validate>
  </soapenv:Body>
</soapenv:Envelope>

I've got an error on the API Manager host in wso2carbon.log:

TID: [0] [AM] [2014-02-05 14:19:03,945] ERROR {java.lang.Class} -  System failure.null {java.lang.Class}
java.lang.NullPointerException
at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.doAuthorization(AuthorizationHandler.java:105)
at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:88)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:404)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:184)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)

What is the problem? Does the embedded IS support such a web service? I ask because I can get a WSDL for it:

wget --no-check-certificate https://localhost:9443/services/OAuth2TokenValidationService?wsdl

Upvotes: 2

Views: 1362

Answers (1)

Asela

Reputation: 5821

"OAuth2TokenValidationService" is an admin service that is secured. Therefore, to invoke this service, you must send a privileged user's credentials in the Basic authentication header. But it seems that you are sending the API key and secret, which is not valid. Could you please try sending the default admin user's credentials (which are "admin" "admin") in the Basic auth header and see?

curl --user admin:admin --header "Content-Type: text/xml" --header "SOAPAction: validate" -k -d @soap.xml https://localhost:9443/services/OAuth2TokenValidationService/

Upvotes: 2
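
The call described in the answer, as an added Python example (not code from the original posts or from WSO2): it builds the same SOAP request with the Basic auth and SOAPAction headers, XML-escapes the token, reads the admin credentials from the environment instead of the command line, and verifies TLS against a CA file rather than using -k. The environment variable names, the ca_file parameter and the `valid` response element name are assumptions.

```python
import base64
import os
import ssl
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Endpoint and SOAP body are taken from the question and answer above.
ENDPOINT = "https://localhost:9443/services/OAuth2TokenValidationService/"
ENVELOPE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsd="http://org.apache.axis2/xsd"
 xmlns:xsd1="http://dto.oauth2.identity.carbon.wso2.org/xsd">
 <soapenv:Header/>
 <soapenv:Body><xsd:validate><xsd:validationReqDTO>
  <xsd1:accessToken>{token}</xsd1:accessToken>
  <xsd1:tokenType>bearer</xsd1:tokenType>
 </xsd:validationReqDTO></xsd:validate></soapenv:Body>
</soapenv:Envelope>"""


def build_request(token, user, password, endpoint=ENDPOINT):
    """Build (without sending) the SOAP call with Basic auth and SOAPAction."""
    # Escape the token so it cannot break out of the accessToken element.
    body = ENVELOPE.format(token=escape(token)).encode("utf-8")
    basic = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    headers = {"Content-Type": "text/xml", "SOAPAction": "validate",
               "Authorization": "Basic " + basic}
    return urllib.request.Request(endpoint, data=body, headers=headers, method="POST")


def parse_valid(response_xml):
    """True only if the reply has a 'valid' element set to true (assumed field name)."""
    root = ET.fromstring(response_xml)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "valid":
            return (el.text or "").strip().lower() == "true"
    return False  # fail closed when the field is absent


def validate_token(token, ca_file):
    """Send the call; admin credentials come from the environment (assumed names)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verify TLS instead of curl -k
    req = build_request(token, os.environ["WSO2_ADMIN_USER"],
                        os.environ["WSO2_ADMIN_PASS"])
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_valid(resp.read())
```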
