By: Doma Samson user 14 Jun 2018 at 7:32 a.m. CDT

5 Responses
I've registered a resource with scope:

    curl --request POST \
      --url https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc/resource_set \
      --header 'authorization: Bearer c7e1c3fa-9d66-4229-acf1-1250201dceac' \
      --header 'content-type: application/json' \
      --cookie 'uma_session_id=327e9f03-035b-4701-80ac-0aa5e8181f52; session_state=65af9687-7b8e-454d-9abb-50eb11d98a37; org.gluu.i18n.Locale=en; session_id=e0c16e66-8c7d-46b7-8cf2-0399131382fc' \
      --data '{ "resource_scopes":[ "post-updates" ], "icon_uri":"http://www.example.com/icons/sharesocial.png", "name":"My Resource6", "type":"http://www.example.com/rsrcs/socialstream/140-compatible", "exp": 1419356238 }'

Response:

    { "_id": "c697bd22-741e-465f-9f64-6e98a6766ee6", "user_access_policy_uri": null }

The resource id is c697bd22-741e-465f-9f64-6e98a6766ee6.

I registered the above resource and got the resource id. Now, to get the permission ticket, I called the endpoint like below:

    curl --request POST \
      --url https://gluu.innovation-poc.com/oxauth/restv1/host/rsrc_pr \
      --header 'authorization: Bearer 20e28949-2c3c-4760-a837-2a61eead65e1' \
      --header 'content-type: application/json' \
      --cookie 'uma_session_id=327e9f03-035b-4701-80ac-0aa5e8181f52; session_state=65af9687-7b8e-454d-9abb-50eb11d98a37; org.gluu.i18n.Locale=en; session_id=e0c16e66-8c7d-46b7-8cf2-0399131382fc' \
      --data '{ "resource_id":"c697bd22-741e-465f-9f64-6e98a6766ee6", "resource_scopes": [ "post-updates" ] }'

Response:

    { "ticket": "204ffa58-7aff-45a1-8256-4f8e71ae7f76" }

And I got my ticket successfully.

After getting a ticket, I called the token endpoint to get the RPT:

    curl --request POST \
      --url https://gluu.innovation-poc.com/oxauth/restv1/token \
      --header 'authorization: Bearer 1c0f03dc-297e-46d4-b194-cfff292db22c' \
      --header 'content-type: application/json' \
      --cookie 'uma_session_id=327e9f03-035b-4701-80ac-0aa5e8181f52; session_state=65af9687-7b8e-454d-9abb-50eb11d98a37; org.gluu.i18n.Locale=en; session_id=e0c16e66-8c7d-46b7-8cf2-0399131382fc' \
      --data '{ "grant_type":"urn:ietf:params:oauth:grant-type:uma-ticket", "ticket":"204ffa58-7aff-45a1-8256-4f8e71ae7f76" }'

Then it returned the below error response:

    { "error": "invalid_client", "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client." }

I've changed the authentication method to client_secret_post, but it still returns the same error.

I've given the client ID as the inum for the SCIM client, and its secret:

    client ID: @!0A89.453C.B8CA.A5F8!0001!BC3D.D573!0008!FBCD.8FE3.6F4D.4F2C
    client secret: secret

Below are the logs I could find:

    2018-06-14 14:21:26,743 INFO [qtp1744347043-13] [org.xdi.oxauth.auth.AuthenticationFilter] (AuthenticationFilter.java:252) - Basic authentication failed
    java.lang.Exception: The Token Authentication Method is not valid.
        at org.xdi.oxauth.auth.AuthenticationFilter.processBasicAuth(AuthenticationFilter.java:229) [classes/:?]
        at org.xdi.oxauth.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:112) [classes/:?]
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.xdi.oxauth.audit.debug.ServletLoggingFilter.doFilter(ServletLoggingFilter.java:55) [classes/:?]
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1634) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) [jetty-security-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) [jetty-servlet-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.Server.handle(Server.java:531) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) [jetty-server-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) [jetty-io-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320]
        at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672) [jetty-util-9.4.9.v20180320.jar:9.4.9.v20180320]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_162]

I even tried using Basic Auth and content type application/x-www-form-urlencoded:

    curl --request POST \
      --url https://gluu.innovation-poc.com/oxauth/restv1/token \
      --header 'authorization: Basic QCEwQTg5LjQ1M0MuQjhDQS5BNUY4ITAwMDEhQkMzRC5ENTczITAwMDghRkJDRC44RkUzLjZGNEQuNEYyQzpzZWNyZXQ=' \
      --header 'content-type: application/x-www-form-urlencoded' \
      --cookie 'session_state=65af9687-7b8e-454d-9abb-50eb11d98a37; org.gluu.i18n.Locale=en; session_id=e0c16e66-8c7d-46b7-8cf2-0399131382fc' \
      --data 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Auma-ticket&ticket=204ffa58-7aff-45a1-8256-4f8e71ae7f76'

But the response was the same. Could you please help me understand where I'm going wrong, as I've been at this for 3 days.

Look forward to your reply.

Thanks,
Doma
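Added example, not part of the thread and not a confirmed resolution of it: a small offline check of a UMA ticket request against the OAuth 2.0 token endpoint rules (RFC 6749: form-encoded body, client authentication by the method registered for the client). The function names, finding labels and sample requests are constructed for illustration, and the registered method passed in is an assumption taken from the post's statement that the client was switched to client_secret_post.

```python
from urllib.parse import parse_qs, urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
FORM = "application/x-www-form-urlencoded"

def build_post_request(client_id, client_secret, ticket):
    """Token request using client_secret_post: credentials go in the form body."""
    body = urlencode({"grant_type": UMA_GRANT, "ticket": ticket,
                      "client_id": client_id, "client_secret": client_secret})
    return {"Content-Type": FORM}, body

def lint_token_request(headers, body, registered_method):
    """Return findings for a UMA ticket request to the token endpoint.

    registered_method is the client's token_endpoint_auth_method as configured
    on the server; the caller supplies it, nothing here queries the server.
    """
    findings, params = [], {}
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("content-type", "").split(";")[0].strip().lower() != FORM:
        findings.append("body-not-form-encoded")
    else:
        params = {k: v[0] for k, v in parse_qs(body).items()}
        if params.get("grant_type") != UMA_GRANT:
            findings.append("wrong-grant-type")
        if not params.get("ticket"):
            findings.append("missing-ticket")
    scheme = h.get("authorization", "").split(" ", 1)[0].lower()
    if scheme == "bearer":  # a bearer token is not an RFC 6749 client auth method
        findings.append("bearer-is-not-client-auth")
    if scheme == "basic":
        used = "client_secret_basic"
    elif "client_secret" in params:
        used = "client_secret_post"
    else:
        used = None
    if used is None:
        findings.append("no-client-credentials")
    elif used != registered_method:
        findings.append(f"auth-method-mismatch:{used}!={registered_method}")
    return findings

# Constructed inputs modelled on the thread's attempts (placeholder values only).
JSON_BEARER = ({"authorization": "Bearer PLACEHOLDER", "content-type": "application/json"},
               '{"grant_type": "%s", "ticket": "TICKET"}' % UMA_GRANT)
FORM_BASIC = ({"authorization": "Basic UExBQ0VIT0xERVI=", "content-type": FORM},
              urlencode({"grant_type": UMA_GRANT, "ticket": "TICKET"}))

if __name__ == "__main__":
    for name, (hdrs, data) in [("json+bearer", JSON_BEARER), ("form+basic", FORM_BASIC)]:
        print(name, lint_token_request(hdrs, data, "client_secret_post"))
```

A request produced by `build_post_request` passes the check with no findings when the client is registered for client_secret_post.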

By Sahil Arora user 15 Jun 2018 at 7:23 p.m. CDT

Have you enabled SCIM support in the configuration? Also, please confirm on the scopes released in the OIDC?

By Master Kumar user 05 Oct 2018 at 8:54 a.m. CDT

What value did you pass in the Authorization header while creating the resource and permission ticket? How did you get the authorization header for those two APIs?

By Surendra Khatana user 19 Oct 2018 at 5:12 a.m. CDT

Hi,

I am facing the same issue, how was this resolved?

Regards,
Suren

By Master Kumar user 29 Oct 2018 at 1:11 p.m. CDT

Hi Doma,

I'm not able to find information on the steps to use SCIM APIs protected with UMA.

I see that in the case of registering a new resource, getting the permission ticket, and getting the RPT from the token API URL, you are passing the below cookies:

    uma_session_id=327e9f03-035b-4701-80ac-0aa5e8181f52; session_state=65af9687-7b8e-454d-9abb-50eb11d98a37; org.gluu.i18n.Locale=en; session_id=e0c16e66-8c7d-46b7-8cf2-0399131382fc

There is no information on how to get these values. I tried to follow the documentation provided but am not able to move forward. Can you please provide me with detailed information, as I wanted to access the SCIM APIs with testmode=false.

Appreciate any help in this regard.

By Master Kumar user 13 Nov 2018 at 10:18 a.m. CST

Doma, can you help me with details to proceed, as I am not able to move forward?