By: sohan bafna user 27 Apr 2018 at 1:20 a.m. CDT

9 Responses
Hi,

I have configured my GLUU server to use password flow. I am able to generate the bearer token using password flow. I get the following response:

```
{
  "access_token": "e445827a-29b5-4b52-92a7-828530245478",
  "token_type": "bearer",
  "expires_in": 17999,
  "refresh_token": "9560fc80-db67-4c9a-82de-673478e181ab",
  "scope": "user_name profile uma_protection permission"
};
```

But when I use the following token to get the user claims using the userinfo endpoint, I get **500 Server error**.

I looked at the GLUU logs and found the error with AuthenticationService.java:

```
2018-04-27 02:15:21,038 INFO [qtp1020391880-744071] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:205) - Authentication success for Client: '@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD'
2018-04-27 02:15:21,101 ERROR [qtp1020391880-744071] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:409) - Failed to update oxLastLogonTime of user 'sohanb'
2018-04-27 02:15:30,834 ERROR [qtp1020391880-744730] [xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl] (UserInfoRestWebServiceImpl.java:203) - null
java.lang.NullPointerException: null
```

I also referred to this link here: [id_token not returned](https://support.gluu.org/authentication/4831/id_token-not-returned-when-oxauthrestv1token-queried/)

My requirement is to generate a token without redirection to login pages (implicit/authorization flow) and use that token to get claims. Could you suggest what the approach should be?

Thanks,
Sohan

By Mohib Zico Account Admin 27 Apr 2018 at 3:45 a.m. CDT

The actual error is...

```
null java.lang.NullPointerException: null...
```

Which should have been more detailed. Can you please do two things if you can:

- Enable DEBUG log for oxAuth.
- Share info on how you are trying to do so; we will try to reproduce the issue locally.

By sohan bafna user 27 Apr 2018 at 5:24 a.m. CDT

Here is the detailed information.

My password token request:

```
https://sohanblx.net/oxauth/restv1/token
```

form data:

```
grant_type:password
username:sohanb
password:welcomeSohan
scope:profile permission user_name uma_protection
```

Now I use the above returned bearer token to get user info by hitting the user info endpoint and I get the following error:

**Logs when I try to generate Token:**

```
2018-04-27 05:10:47,699 DEBUG [qtp1020391880-17] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:94) - Starting token endpoint authentication
2018-04-27 05:10:47,700 DEBUG [qtp1020391880-17] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:101) - Starting Basic Auth token endpoint authentication
2018-04-27 05:10:47,706 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD
2018-04-27 05:10:47,707 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.ClientService] (ClientService.java:100) - Authenticating Client with LDAP: clientId = @!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD
2018-04-27 05:10:47,707 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD
2018-04-27 05:10:47,708 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:496) - ConfigureSessionClient: username: '@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD', credentials: '938994292'
2018-04-27 05:10:47,708 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD
2018-04-27 05:10:47,717 INFO [qtp1020391880-17] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:205) - Authentication success for Client: '@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD'
2018-04-27 05:10:47,721 DEBUG [qtp1020391880-17] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:98) - Attempting to request access token: grantType = password, code = null, redirectUri = null, username = sohanb, refreshToken = null, clientId = null, ExtraParams = {response_type=[id_token token code], password=[sigma123], grant_type=[password], scope=[profile permission user_name uma_protection ], username=[sohanb]}, isSecure = true, codeVerifier = null, ticket = null
2018-04-27 05:10:47,722 DEBUG [qtp1020391880-17] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:118) - Starting to validate request parameters
2018-04-27 05:10:47,722 DEBUG [qtp1020391880-17] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:126) - Grant type: 'password'
2018-04-27 05:10:47,723 DEBUG [qtp1020391880-17] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:132) - Get sessionClient: 'org.xdi.oxauth.model.session.SessionClient@39401bd7'
2018-04-27 05:10:47,723 DEBUG [qtp1020391880-17] [xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl] (TokenRestWebServiceImpl.java:136) - Get client from session: '@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD'
2018-04-27 05:10:47,723 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:137) - Authenticating user with LDAP: username: 'sohanb', credentials: '938994292'
2018-04-27 05:10:47,723 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:261) - Attempting to find userDN by primary key: 'uid' and key value: 'sohanb', credentials: '938994292'
2018-04-27 05:10:47,724 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:350) - Getting user information from LDAP: attributeName = 'uid', attributeValue = 'sohanb'
2018-04-27 05:10:47,724 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:364) - Searching user by attributes: '[Attribute [name=uid, values=[sohanb]]]', baseDn: 'o=gluu'
2018-04-27 05:10:47,731 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:366) - Found '1' entries
2018-04-27 05:10:47,736 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:283) - Attempting to authenticate userDN: inum=@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0000!E2D1.8937.8BCB.8BDF,ou=people,o=@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16,o=gluu
2018-04-27 05:10:47,760 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:285) - User authenticated: inum=@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0000!E2D1.8937.8BCB.8BDF,ou=people,o=@!6F03.1B40.EAE4.A24B!0001!2B6B.EA16,o=gluu
2018-04-27 05:10:47,760 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:287) - Attempting to find userDN by local primary key: uid
2018-04-27 05:10:47,760 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.UserService] (UserService.java:182) - Getting user information from LDAP: attributeName = 'uid', attributeValue = 'sohanb'
2018-04-27 05:10:47,768 DEBUG [qtp1020391880-17] [org.xdi.oxauth.service.UserService] (UserService.java:193) - Found '1' entries
2018-04-27 05:10:47,774 ERROR [qtp1020391880-17] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:409) - Failed to update oxLastLogonTime of user 'sohanb'
2018-04-27 05:10:47,793 DEBUG [qtp1020391880-17] [org.xdi.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:39) - Checking scopes policy for: profile permission user_name uma_protection
2018-04-27 05:10:47,811 DEBUG [qtp1020391880-17] [org.xdi.oxauth.model.authorize.ScopeChecker] (ScopeChecker.java:59) - Granted scopes: [user_name, profile, uma_protection, permission]
2018-04-27 05:10:47,818 DEBUG [qtp1020391880-17] [org.xdi.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:117) - Saving grant: a8fd8016-a51d-4048-8d2f-e50e5b95b42e, code_challenge: null
2018-04-27 05:10:47,827 DEBUG [qtp1020391880-17] [org.xdi.oxauth.model.common.AuthorizationGrant] (AuthorizationGrant.java:117) - Saving grant: a8fd8016-a51d-4048-8d2f-e50e5b95b42e, code_challenge: null
```

**Logs when I try to hit userinfo endpoint:**

```
2018-04-27 05:08:31,488 DEBUG [qtp1020391880-15] [xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl] (UserInfoRestWebServiceImpl.java:121) - Attempting to request User Info, Access token = f672d7e8-0cf4-4867-a22e-15edb7aab63b, Is Secure = true
2018-04-27 05:08:31,497 DEBUG [qtp1020391880-15] [org.xdi.oxauth.service.UserService] (UserService.java:84) - Getting user information from LDAP: userId = sohanb
2018-04-27 05:08:31,512 DEBUG [qtp1020391880-15] [org.xdi.oxauth.service.UserService] (UserService.java:93) - Found 1 entries for user id = sohanb
2018-04-27 05:08:31,513 DEBUG [qtp1020391880-15] [org.xdi.oxauth.service.ClientService] (ClientService.java:137) - Found 1 entries for client id = @!6F03.1B40.EAE4.A24B!0001!2B6B.EA16!0008!04F2.2DBF.1EB3.88FD
2018-04-27 05:08:31,556 ERROR [qtp1020391880-15] [xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl] (UserInfoRestWebServiceImpl.java:203) - null
java.lang.NullPointerException: null
    at org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.getJSonResponse(UserInfoRestWebServiceImpl.java:582) ~[classes/:?]
    at org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.requestUserInfo(UserInfoRestWebServiceImpl.java:183) [classes/:?]
    at org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl.requestUserInfoGet(UserInfoRestWebServiceImpl.java:109) [classes/:?]
    at org.xdi.oxauth.userinfo.ws.rs.UserInfoRestWebServiceImpl$Proxy$_$$_WeldClientProxy.requestUserInfoGet(Unknown Source) [classes/:?]
    at sun.reflect.GeneratedMethodAccessor168.invoke(Unknown Source) ~[?:?]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:236) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:402) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:209) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:228) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51) [resteasy-jaxrs-3.0.21.Final.jar:3.0.21.Final]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) [servlet-api-3.1.jar:3.1.0]
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:845) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1772) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:193) [websocket-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226) [rewrite-servlet-3.4.1.Final.jar:3.4.1.Final]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.xdi.oxauth.auth.AuthenticationFilter.processBearerAuth(AuthenticationFilter.java:242) [classes/:?]
    at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) [classes/:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.gluu.oxserver.filters.AbstractCorsFilter.handleNonCORS(AbstractCorsFilter.java:343) [oxcore-server-3.1.1.Final.jar:?]
    at org.gluu.oxserver.filters.AbstractCorsFilter.doFilter(AbstractCorsFilter.java:120) [oxcore-server-3.1.1.Final.jar:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?]
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1751) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512) [jetty-servlet-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.Server.handle(Server.java:534) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [jetty-server-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93) [jetty-io-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589) [jetty-util-9.3.15.v20161220.jar:9.3.15.v20161220]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_112]
2018-04-27 05:08:50,390 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-04-27 05:08:50,391 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.ConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-04-27 05:08:50,399 DEBUG [oxAuthScheduler_Worker-1] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-04-27 05:08:50,409 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-04-27 05:08:50,411 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.LdapStatusEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-04-27 05:08:50,413 DEBUG [oxAuthScheduler_Worker-2] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-04-27 05:08:50,486 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-04-27 05:08:50,487 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.oxauth.service.cdi.event.CleanerEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-04-27 05:08:50,491 DEBUG [oxAuthScheduler_Worker-3] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-04-27 05:08:50,492 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:138) - Start AuthorizationGrant clean up
2018-04-27 05:08:50,499 DEBUG [oxAuthScheduler_Worker-4] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-04-27 05:08:50,500 DEBUG [oxAuthScheduler_Worker-4] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.oxauth.service.cdi.event.AuthConfigurationEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-04-27 05:08:50,504 DEBUG [oxAuthScheduler_Worker-4] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
2018-04-27 05:08:50,517 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:140) - End AuthorizationGrant clean up
2018-04-27 05:08:50,518 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:144) - Start Client clean up
2018-04-27 05:08:50,544 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:176) - End Client clean up
2018-04-27 05:08:50,561 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:180) - Start U2F request clean up
2018-04-27 05:08:50,565 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:207) - End U2F request clean up
2018-04-27 05:08:50,566 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:211) - Start U2F request clean up
2018-04-27 05:08:50,568 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:239) - End U2F request clean up
2018-04-27 05:08:50,568 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:243) - Start metric entries clean up
2018-04-27 05:08:50,587 DEBUG [Thread-268] [org.xdi.oxauth.service.CleanerTimer] (CleanerTimer.java:253) - End metric entries clean up
2018-04-27 05:08:50,774 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:52) - Bound request started
2018-04-27 05:08:50,775 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.TimerJob] (TimerJob.java:34) - Fire timer event [org.xdi.service.cdi.event.UpdateScriptEvent] with qualifiers [@org.xdi.service.cdi.event.Scheduled()]
2018-04-27 05:08:50,804 DEBUG [oxAuthScheduler_Worker-5] [org.xdi.service.timer.RequestJobListener] (RequestJobListener.java:62) - Bound request ended
```

_Following are configured on GLUU server:_

**Scope configured:**

```
openid permission profile uma_protection user_name
```

**Response Type:**

```
id_token token
```

**Grant Types:**

```
password
```

By sohan bafna user 27 Apr 2018 at 6:06 a.m. CDT

So here is what I found: an issue with the code, where it looks for getRedirectUris for all types of grant.

In /UserInfoRestWebServiceImpl.java at line no. 582, inside the **getJSonResponse() method**:

```
/**
 * Builds a JSon String with the response parameters.
 */
public String getJSonResponse(User user, AuthorizationGrant authorizationGrant, Collection<String> scopes)
```

It looks for:

```
sectorIdentifierUri = authorizationGrant.getClient().getRedirectUris()[0];
```

I think this should not be the case when my flow is configured as password or client_credentials. When I added a redirect URL to the configuration of Gluu, it worked for me. Please let me know if this is an issue.

Best,
Sohan
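An added Java example (not code from this thread or from oxAuth) placing the lookup pattern quoted above next to a null-safe variant for clients registered without a redirect URI. `RegisteredClient`, the method names, the sample clients and the fall-back to the client ID are all assumptions made for illustration.

```java
import java.net.URI;
import java.util.Optional;

// Added illustration: every class and method name here is hypothetical, not oxAuth's API.
public class SectorIdentifierExample {

    /** Stand-in for a registered OAuth client; redirectUris is null when none are configured. */
    static final class RegisteredClient {
        final String clientId;
        final String sectorIdentifierUri;
        final String[] redirectUris;

        RegisteredClient(String clientId, String sectorIdentifierUri, String[] redirectUris) {
            this.clientId = clientId;
            this.sectorIdentifierUri = sectorIdentifierUri;
            this.redirectUris = redirectUris;
        }
    }

    /** Same shape as the lookup quoted in the thread: fails when no redirect URI is registered. */
    static String unsafeSectorIdentifier(RegisteredClient client) {
        return client.redirectUris[0];
    }

    /** Host of sector_identifier_uri, else host of the first redirect URI, else empty. */
    static Optional<String> sectorHost(RegisteredClient client) {
        String candidate = client.sectorIdentifierUri;
        if (isBlank(candidate) && client.redirectUris != null && client.redirectUris.length > 0) {
            candidate = client.redirectUris[0];
        }
        if (isBlank(candidate)) {
            return Optional.empty();
        }
        try {
            // getHost() returns null for URIs without an authority part
            return Optional.ofNullable(URI.create(candidate.trim()).getHost());
        } catch (IllegalArgumentException malformedUri) {
            return Optional.empty();
        }
    }

    /** Assumption: with no usable URI, pairwise subjects are scoped to the client itself. */
    static String pairwiseSector(RegisteredClient client) {
        return sectorHost(client).orElse(client.clientId);
    }

    private static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    public static void main(String[] args) {
        // Constructed sample clients, not taken from the thread.
        RegisteredClient webClient = new RegisteredClient(
                "web-client", null, new String[] {"https://rp.example/callback"});
        RegisteredClient passwordOnly = new RegisteredClient("password-only-client", null, null);

        try {
            unsafeSectorIdentifier(passwordOnly);
        } catch (NullPointerException e) {
            System.out.println("unsafe lookup on password-only client: NullPointerException");
        }
        System.out.println("web client sector: " + pairwiseSector(webClient));
        System.out.println("password-only client sector: " + pairwiseSector(passwordOnly));
    }
}
```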

By Aliaksandr Samuseu staff 01 May 2018 at 3:30 p.m. CDT

Hi, Sohan & Zico.

Just for your information: I was able to successfully use `access_token` issued with resource owner's creds grant at userinfo endpoint, so the feature works as intended.

My token request looks like this:

```
POST /oxauth/restv1/token HTTP/1.1
Host: mytrue.host.loc
Content-Type: application/x-www-form-urlencoded
Authorization: Basic QCE4NEIxLjc0NDEuNTdDMy45OEIwITAwMDEhNzZBMi4wOTE5ITAwMDghRkY4QS4xMzAyLkFBNkIuRDk3NjoxcTJ3M2U0cg==
Cache-Control: no-cache
Content-Length: 110

grant_type=password&&username=admin&password=1q2w3e4r&scope=openid+profile+email+uma_protection
```

Corresponding client's properties are as below:

```
dn: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0008!FF8A.1302.AA6B.D976,ou=clients,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
objectClass: oxAuthClient
objectClass: top
oxAuthLogoutSessionRequired: false
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!CC47.478D,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!764C,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!F0C4,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!43F1,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!7D53.C0F6,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!0BCE.C17F,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!6D99,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthScope: inum=@!84B1.7441.57C3.98B0!0001!76A2.0919!0009!10B2,ou=scopes,o=@!84B1.7441.57C3.98B0!0001!76A2.0919,o=gluu
oxAuthTrustedClient: false
oxAuthRedirectURI: https://some.bogus.url/adafsfhuw
oxAuthTokenEndpointAuthMethod: client_secret_basic
oxPersistClientAuthorizations: false
oxAuthGrantType: password
inum: @!84B1.7441.57C3.98B0!0001!76A2.0919!0008!FF8A.1302.AA6B.D976
oxAuthAppType: web
oxDisabled: false
oxIncludeClaimsInIdToken: false
oxLastLogonTime: 20180501201654.838Z
displayName: test-client-user-creds-grants
oxAuthClientSecret: WB1fIGz3IvtHrJF9yu7Hqg==
oxAuthSubjectType: pairwise
oxLastAccessTime: 20180501201654.838Z
description: AAAA
```

You must always add at least "openid" scope for any client, and providing `redirect_uri` is advisable, even in case of flows when it's not actually used (some bogus uri will do).

By sohan bafna user 02 May 2018 at 12:50 a.m. CDT

Thanks for verifying this, Aliaksandr.

My only concern here was that the redirect URL should be optional based on the flow we configure. As per the standard OpenID Connect document or in OAuth, it is nowhere mentioned having the redirect URL when you configure your application on the IDP server for password flow.

Could we clear this confusion please?

Thanks,
Sohan

By Mohib Zico Account Admin 02 May 2018 at 2:17 a.m. CDT

> My only concern here was the redirect URL should be optional based on the flow we configure. As per the standard openId connect document or in OAuth it is no where mentioned having the redirect URL when you configure you application on IDP server for password flow.

"REQUIRED. Redirection URI to which the response will be sent. ......." from [Authentication Request](http://openid.net/specs/openid-connect-core-1_0.html).

By sohan bafna user 02 May 2018 at 2:23 a.m. CDT

Sorry, I was unable to find where it says about password flow having the redirect URL?

By Aliaksandr Samuseu staff 02 May 2018 at 1:28 p.m. CDT

Hi, Sohan. The developer in control of this feature considered it's a bug. An [issue report](https://github.com/GluuFederation/oxAuth/issues/800) has been created and it will be fixed in next release. For now you'll need to stick to workaround with a bogus `redirect_uri`, though.

By sohan bafna user 03 May 2018 at 1:54 a.m. CDT

Thanks for confirming this. We can close this now.

Best,
Sohan