Reputation: 161
Unable to get token from Thinktecture Authorization Server
I am unable to get an access token from Thinktecture Authorization Server. After successfully getting grant code, I try make a POST request to the token endpoint, but always get a 400 Bad Request with this response: message: "{ "error": "invalid_client" }"
My request was: POST to https://host/authz/users/oauth/token request body: {"code":"grant_code_received_from_previous_request","client_id":"myclient","grant_type":"authorization_code","client_secret":"mysecret"}
My client is setup properly in the Authorization Server. My client id and secret are correct; they are the same value I used to the grant code in the previous request (/users/oauth/authorize).
Any idea for this "invalid_client" issue? There is no other information in the response other than "invalid_client".
Upvotes: 3
Views: 1765
Answers (3)
Reputation: 2121
I followed @leastprivilege advice and did that:
// set up the base64-encoded credentials
let clientId = "myclientid"
let clientSecret = "myclientsecret"
let loginString = NSString(format: "%@:%@", clientId, clientSecret)
let loginData: NSData = loginString.dataUsingEncoding(NSUTF8StringEncoding)!
let base64LoginString = loginData.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(0))
After that created the request instance like this:
var request = NSMutableURLRequest(URL: myUrl!)
request.HTTPMethod = "POST"
// Only these four are required based on the documentation.
let postString = "grant_type=authorization_code&code=\(code)&redirect_uri=app:/your.redirect.uri"
request.HTTPBody = postString.dataUsingEncoding(NSUTF8StringEncoding)
request.setValue("Basic \(base64LoginString)", forHTTPHeaderField: "Authorization")
Hope it helps!
Upvotes: 0
Reputation: 18482
you need to send client credentials using http basic authentication instead of posting Id and secret in the body.
Upvotes: 3
Reputation: 31
You can get the more information on the logging file. Take a look at it, you can check the logging options on the web.config of the Identity Server:
<system.diagnostics>
<!-- simple system.diagnostics logger -->
<trace autoflush="true" indentsize="4">
<listeners>
<add name="myListener" type="System.Diagnostics.TextWriterTraceListener" initializeData="Trace.log" />
<remove name="Default" />
</listeners>
</trace>
<!-- can be used with TraceSource logger -->
<!--<sources>
<source name="Thinktecture.IdentityServer"
switchValue="Information, ActivityTracing">
<listeners>
<add name="xml"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData= "trace.svclog" />
</listeners>
</source>
</sources>-->
More information about logging at: http://identityserver.github.io/Documentation/docs/configuration/logging.html
Upvotes: -1
Related Questions
- Invalid_Grant error when using Refresh Token
- Bearer was not authenticated: Signature validation failed
- Thinktecture identity server client selection and implementation
- Thinktecture BasicAuthenticationSecurityTokenHandler returning StatusCode 500, Internal Server Error
- Validate Thinktecture OAuth Token in web api
- Thinktecture IdentityServer getting started walkthrough error
- OAuth2 authorization server with claims
- How to set up Thinktecture Authorization Server
- Single Sign On With thinktecture IdentityServer v2
- Authorize using Oauth2 Token in Asp.Net WebAPI