django-oauth-toolkit 'invalid client' error after deploy on AWS Elasticbeanstalk

Question

I use django-oauth-toolkit with my django/django-rest-framework application. When I request an access token in dev mode on localhost, it works OK:

dev@devComp:$ curl -X POST -d "grant_type=password&username=
<user_name>&password=<password>" -u"<client_id>:<client_secret>" 
http://localhost:8000/o/token/
{"access_token": "fFySxhVjOroIJkD0IuEXr5WIhwdXg6", "expires_in": 
36000, "token_type": "Bearer", "scope": "read write groups", 
"refresh_token": "14vhyaCZbdLtu7sq8gTcFpm3ro9YxH"}

But if I request an access token from absolutely the same application deployed at AWS Elasticbeanstalk, I get 'invalid client' error:

dev@devComp:$ curl -X POST -d "grant_type=password&username=
<user_name>&password=<password>" -u"<client_id>:<client_secret>" 
http://my-eb-prefix.us-west-1.elasticbeanstalk.com/o/token/
{"error": "invalid_client"}

Please advise me what to do to get rid of this error and normally request access tokens from django app deployed at AWS.

Answer 1

I was also facing the same problem. This worked for me:

curl -X POST -d "grant_type=password&username=<your-username>&password=<your-password>&client_id=<your-client id>&client_secret=<your-client secret>" http://your-domain/o/token/
{"access_token": "0BVfgujhdglxC7OHFh0we7gprlfr1Xk", "scope": "read write", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "AwffMPzNXvghlkjhs8dpXk7gbhhjhljlldfE2nI"}

Answer 2

After some research, I can now give the answer myself:

I had to add one more command to my python.config in .ebextensions folder:

...
container_commands:
  ...    
  03wsgipass:
    command: 'echo "WSGIPassAuthorization On" >> ../wsgi.conf'

After that, AWS allows incoming requests to pass authorization, and I get the response without an error.