By: ches luo user 19 Feb 2019 at 12:19 a.m. CST

3 Responses
Hi,

I installed Gluu server and created an OpenID client for testing. I have added `password` to `grant_type` and `token` to `response_type`, and I have created a user using the admin account. But when I tried to get the token using Postman, the server always returns a 401 unauthorized error with the details below:

```
{
  "error": "invalid_client",
  "error_description": "Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client."
}
```

The POST request I used is below (I hide the host):

```
POST /oxauth/restv1/token HTTP/1.1
Host: myapp.cloudapp.azure.com
Content-Type: application/json
cache-control: no-cache
Postman-Token: ecad26eb-0970-4876-9d03-13b4c8d1833b

{
  "grant_type": "password",
  "username": "user1",
  "password": "P@ss1234",
  "client_id": "@!4B9F.BF94.6496.AC5B!0001!DFBB.9D80!0008!64C0.F8C2.A55E.4069",
  "client_secret": "P@ss1234"
}
```

Could someone help? Thanks in advance.

Ches

By William Lowe user 19 Feb 2019 at 2:56 a.m. CST

Just a quick question.. is this a fresh installation? If so, why did you install Gluu 3.1.1 and not the latest version, Gluu 3.1.5?

By ches luo user 19 Feb 2019 at 3:03 a.m. CST

Hi William, This is a fresh installation. I used 3.1.1 because I started to use it last year and have some customization. Will migrate to 3.1.5 when I am ready.

By Aliaksandr Samuseu staff 19 Feb 2019 at 11:03 a.m. CST

The request you use doesn't look like anything in the specs. [Here is an example](https://tools.ietf.org/html/rfc6749#section-4.3.2) of a correct request to the token endpoint.

Another example:

```
POST /oxauth/restv1/token HTTP/1.1
Host: idp.host.loc
Content-Type: application/x-www-form-urlencoded
Authorization: Basic QCFBMjc4LjZFNDkuQjA5Qi41MEZEITAwMDEhNDgzMi5CNDhDITAwMDghQUFDMy5CRDdGLkFGMTQuRDVDMjoxcTJ3M2U0cg==
Cache-Control: no-cache
Content-Length: 104

grant_type=password&username=admin&password=1q2w3e4r&scope=openid+profile+email+uma_protection+user_name
```

Please note that we usually don't help with usage of low-level tools like Postman, or development of your custom OIDC clients. Those are complex topics and it's expected you've learned the specs by the time you start playing with it.

Also, usage of this grant is not recommended, it's not a standard OIDC flow.
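An added example, not part of the thread and not Gluu code: a Python sketch that builds a token request in the form-encoded shape of the staff reply above and checks a request's headers and body against that shape. The function names, `JSON_STYLE` and the sample credentials are hypothetical and constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, urlencode

FORM = "application/x-www-form-urlencoded"

def build_password_grant(client_id, client_secret, username, password, scope):
    """Return (headers, body) for an RFC 6749 section 4.3.2 token request."""
    # Raw "id:secret" before base64, the same form as the staff example.
    # RFC 6749 section 2.3.1 form-encodes both values first; which one a
    # given server expects is an assumption to verify against that server.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": FORM, "Authorization": f"Basic {basic}"}
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope})
    return headers, body

def check_token_request(headers, body):
    """List deviations from the form-encoded, client-authenticated shape."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    problems, form = [], {}
    if ctype == FORM:
        form = parse_qs(body)
    else:
        problems.append(f"Content-Type {ctype!r} is not {FORM}")
    if form.get("grant_type") != ["password"]:
        problems.append("grant_type=password not present as a form parameter")
    if not h.get("authorization", "").startswith("Basic ") and "client_id" not in form:
        problems.append("no client credentials in Authorization header or form body")
    return problems

# Constructed sample shaped like the request in the question (placeholder values).
JSON_STYLE = ({"Content-Type": "application/json"},
              '{"grant_type": "password", "username": "user1", "password": "x", '
              '"client_id": "example-client", "client_secret": "example-secret"}')

if __name__ == "__main__":
    for problem in check_token_request(*JSON_STYLE):
        print("question-style request:", problem)
    ok = build_password_grant("example-client", "example-secret", "user1", "x", "openid")
    print("form-encoded request:", check_token_request(*ok) or "no problems")
```
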