By: Aman Negi user 25 Oct 2022 at 1:40 p.m. CDT

9 Responses
Hi Gluu Support,

## Expected behaviour

Token endpoint should return access token without any error

## Actual behaviour

When the Origin header is sent to the token endpoint along with other required headers, the token endpoint returns a 200 response without any token and the following error is visible in oxauth.log:

![Oxauth.log](https://postimg.cc/7fgMCckq)

Is there any issue related to it, or can you please help me to troubleshoot this issue further?

Thanks in advance

By Michael Schwartz Account Admin 25 Oct 2022 at 1:54 p.m. CDT

Not enough info. Please share the token request and the client configuration.

By Aman Negi user 25 Oct 2022 at 2:09 p.m. CDT

Here is the client configuration:

![Config](https://postimg.cc/t1GK381D)

Here is the curl command that is causing the above issue:

```
curl 'https://<gluu_domain>/oxauth/restv1/token' \
  -X POST \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'Origin: https://<gluu_domain>' \
  --data-raw 'client_id=<clientID>&client_secret=<secret>&scope=clientinfo openid&grant_type=client_credentials' \
  --insecure
```

If I remove the Origin header from the curl command, it is working fine.

By Michael Schwartz Account Admin 25 Oct 2022 at 2:17 p.m. CDT

Did you [Configure CORS](https://gluu.org/docs/gluu-server/4.4/admin-guide/cors/#configure-cors)?

By Aman Negi user 25 Oct 2022 at 2:20 p.m. CDT

No, we have gone with the default GLUU config, we have not made any other changes.

By Michael Schwartz Account Admin 25 Oct 2022 at 2:30 p.m. CDT

Please review that documentation first, and see if it contains the answer to your question.

By Aman Negi user 26 Oct 2022 at 10:19 p.m. CDT

Hi Michael,

I have gone through the CORS documentation, but it looks like the Origin header is not blocked due to CORS, as I am getting the 200 response from the token endpoint; the issue is caused by a null pointer error. Please can you help me troubleshoot it?

By Mobarak Hosen Shakil staff 27 Oct 2022 at 3:36 a.m. CDT

Hi, Aman!

Can you please try this way?

```
curl -k -u 'client_id:client_secret' -d grant_type=client_credentials https://[gluu-server]/oxauth/restv1/token
```

And a native client config should be like this:

OPENID CONNECT CLIENTS DETAILS
------------------------------

- **Name:** api-test
- **Client ID:** 20a3e723-5187-4abe-82f9-357d7a1e3fed
- **Subject Type:** pairwise
- **ClientSecret:** XXXXXXXXXXX
- **Application Type:** native
- **Persist Client Authorizations:** true
- **Pre-Authorization:** false
- **Authentication method for the Token Endpoint:** client_secret_basic
- **Logout Session Required:** false
- **Include Claims In Id Token:** false
- **Disabled:** false
- **Scopes:** [profile, openid, permission, email, user_name]
- **Grant types:** [authorization_code, refresh_token, client_credentials, implicit]
- **Response types:** [code, token, id_token]

If you use it for API calls, `Application Type` should be `Native`, I think.

Regards
~ Shakil

By Aman Negi user 27 Oct 2022 at 8:05 a.m. CDT

Hi Shakil,

Here I have created the required openid client:

![api-test](https://postimg.cc/zbk0gB8T)

And here is the output of the curl command that you shared: [curl-output](https://postimg.cc/8FK2rt41)

And here are the oxauth logs for this: [oxauth.log](https://postimg.cc/GTcg7DqM)

But as soon as I add the Origin header to the curl command, I am not getting any access token from the GLUU server: [curl_output2](https://postimg.cc/zLB9rvHt)

I am getting the same null pointer error I have posted above. Let me know your views on this.

By Mobarak Hosen Shakil staff 06 Nov 2022 at 7:30 p.m. CST

Though I have no idea about `origin`, I don't see any problem with `Origin` here. Please see the attached screenshot. You can look into the **CORS Config** suggested above.

Thanks
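
Added example (not part of any post in this thread and not Gluu code): the thread turns on a token endpoint that answers 200 without a token, so a check on the HTTP status alone passes. The Python sketch below classifies a captured `curl -i` response against the fields RFC 6749 requires and notes whether a CORS allow header came back for the Origin that was sent; the sample responses, the function names and the `https://idp.example.test` origin are constructed for illustration.

```python
import json

# Constructed `curl -i` captures for illustration; not the thread's screenshots.
WITH_TOKEN = ("HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
              '{"access_token":"constructed","token_type":"bearer","expires_in":299}')
EMPTY_200 = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
OAUTH_ERROR = ("HTTP/1.1 401 Unauthorized\r\nContent-Type: application/json\r\n\r\n"
               '{"error":"invalid_client"}')


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, lowercased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split(" ", 2)[1]), headers, body


def diagnose(raw, origin=None):
    """Return a list of findings; an empty list means a usable token response."""
    status, headers, body = parse_response(raw)
    findings = [] if status == 200 else [f"http-status-{status}"]
    try:
        payload = json.loads(body) if body.strip() else None
    except json.JSONDecodeError:
        payload = "unparseable"
    if payload is None:
        findings.append("empty-body")  # a 200 that carries nothing at all
    elif not isinstance(payload, dict):
        findings.append("body-not-json-object")
    elif "error" in payload:
        findings.append(f"oauth-error-{payload['error']}")
    else:
        # RFC 6749 section 5.1: both fields are REQUIRED in a successful response.
        findings += [f"missing-{k}" for k in ("access_token", "token_type") if k not in payload]
    # A browser only exposes the response to script if this header matches the Origin.
    if origin and headers.get("access-control-allow-origin") not in (origin, "*"):
        findings.append("no-cors-allow-origin")
    return findings


if __name__ == "__main__":
    for name, raw in (("with token", WITH_TOKEN), ("empty 200", EMPTY_200), ("error", OAUTH_ERROR)):
        print(name, diagnose(raw, origin="https://idp.example.test"))
```

Feeding it the output of the same request with and without the `Origin` header makes the difference between the two responses explicit instead of relying on the status code.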