Facing problem while creating access token for Gluu 2.4.4 Server

By: Neelmani Ghimire user 12 Aug 2016 at 1:42 a.m. CDT

2 Responses
Neelmani Ghimire gravatar
Hello, We are getting below mentioned error while doing a POST call to the Gluu server, please find below details: ``` POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1 Host: test Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Authorization: test Postman-Token: 81b4f74e-27df-5c1e-9f38-680bb55a1f77 grant_type=implicit&scope=clientinfo&username=test &password=test ``` Error we got is: { "error": "invalid_client", "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client." } Can you please suggest where we are going wrong? We are able to login with username and password on this URL: https://test/oxauth/login. Not sure why we are getting ‘invalid_client’ for above POST call. Regards, Nilmani
U1404
closed

Answers

By Mohib Zico staff 12 Aug 2016 at 3:56 a.m. CDT

Copy
Mohib Zico gravatar
Hello Neelmani, The very simple meaning of 'invalid_client' is: your Gluu server do not have any info on client from which you are sending request. Either client is not registered or misconfigured. We have a fantastic search option here in support portal, please feel free to use it. Many users already faced 'invalid_client' issue so far; any of those ticket might be helpful to understand your situation.

By Michael Schwartz Account Admin 12 Aug 2016 at 6:56 a.m. CDT

Copy
Michael Schwartz gravatar
Here are some links... you need to do some more reading about OpenID Connect. I suggest if you are writing a web application that you use the Authorization Code Flow (response type "code" only!): - [OpenID Connect Specs](http://openid.net/connect) - [Basic Client Implementers Guide](http://openid.net/specs/openid-connect-basic-1_0.html) - [Slides from Microsoft](http://wiki.openid.net/w/file/fetch/80030063/OpenID_Connect_Overview_May_5_2014.pdf) - [Great overview from Travis Spencer](http://gluu.co/connect-deep-dive) - [Short overview on OAuth2 v. OpenID Connect](http://gluu.co/oauth2-v-openid-connect) - [New Standards Emerging for HoK Tokens](http://gluu.co/hok-standards) - [Minimalist blog from Nat Sakimura](http://nat.sakimura.org/2012/03/31/openid-connect-stripped-down-to-just-authentication) - [OpenID Connect Audiences](http://www.gluu.co/know-your-audience)

Post an answer