By: Qasim Baqri user 03 Feb 2016 at 7:23 a.m. CST

6 Responses
Hi,

We are trying to get an access token using the following curl request.

```
curl -v -k -X POST \
  -d 'client_id=@!ED59.12B2.07F0.5525!0001!8B58.836E!0008!2752.3937' \
  -d 'grant_type=authorization_code' \
  -d 'code=b2beef25-9612-41c6-9727-3b511d61a23d' \
  -d 'redirect_uri=https://TPC-BA6-25.lab.blr.sandvine.com/profile' \
  'https://TPC-BA6-25.lab.blr.sandvine.com/oxauth/seam/resource/restv1/oxauth/token'
```

Earlier this request worked, but now it is showing invalid grant type in the oxTrust logs. Do we need to add some more fields in Gluu 2.4.0 to make it work?

Regards,
Qasim

By William Lowe user 03 Feb 2016 at 10:36 a.m. CST

Hi Qasim, we're looking into this now. Also, I just wanted to let you know we have upgraded your account and now you can open private tickets (you can edit this ticket and make it private also if you'd like) and see other tickets, public and private, opened by your Sandvine colleagues in a section in your dashboard called "Company Tickets." Thanks!

By Javier Rojas staff 03 Feb 2016 at 4:22 p.m. CST

Hello Qasim,

Please check the following:

1. The authorisation code could be expired. The lifetime can be configured in the oxAuth configuration entry: `authorizationCodeLifetime`
2. The authorisation code can be used just once.

By Qasim Baqri user 08 Feb 2016 at 6:55 a.m. CST

Hi Javier,

I was still unable to get the authorization token. I used the code only once, within a few seconds of getting it. Below are the steps I followed.

1. Created a client dynamically.

Client details

```
{
  "client_id": "@!B85C.7A16.4D72.EDFE!0001!99D2.4A78!0008!E0E5.C29D",
  "client_secret": "7c770960-a3ad-4002-872e-c0a47ad3f8fd",
  "registration_access_token": "94e0ed6d-d41f-4bc3-a9d0-75a483655723",
  "registration_client_uri": "https://TPC-E17-13.phaedrus.sandvine.com/oxauth/seam/resource/restv1/oxauth/register?client_id=@!B85C.7A16.4D72.EDFE!0001!99D2.4A78!0008!E0E5.C29D",
  "client_id_issued_at": 1454935569,
  "client_secret_expires_at": 1455021969,
  "redirect_uris": ["http://localhost"],
  "response_types": [ "code", "id_token", "token" ],
  "application_type": "native",
  "client_name": "Dynamic Client Test 1",
  "token_endpoint_auth_method": "client_secret_basic",
  "subject_type": "public",
  "id_token_signed_response_alg": "RS256",
  "require_auth_time": false,
  "post_logout_redirect_uris": ["http://localhost"],
  "logout_uri": "",
  "logout_session_required": false,
  "scopes": [ "svScope", "openid" ]
}
```

2. Request to get id_token and code

```
curl -v -k -u admin:JEpbCIJMuV3Q -X POST \
  -d 'client_id=@!B85C.7A16.4D72.EDFE!0001!99D2.4A78!0008!E0E5.C29D' \
  -d 'scope=svScope openid' \
  -d 'response_type=id_token code' \
  -d 'nonce=123232134' \
  -d 'redirect_uri=http://localhost' \
  'https://tpc-e17-13.phaedrus.sandvine.com/oxauth/seam/resource/restv1/oxauth/authorize'
```

Response

```
Location: http://localhost#session_id=a8161c57-0715-4f7d-9670-7a5fde3239fd&scope=openid+svScope&state&code=146a6fc4-8992-474e-836d-2370a353d0ad&id_token=<JWT omitted>
```

3. Request to get authorization code

```
curl -v -k -X POST \
  -d 'client_id=@!B85C.7A16.4D72.EDFE!0001!99D2.4A78!0008!E0E5.C29D' \
  -d 'grant_type=authorization_code' \
  -d 'code=146a6fc4-8992-474e-836d-2370a353d0ad' \
  -d 'redirect_uri=http://localhost' \
  'https://tpc-e17-13.phaedrus.sandvine.com/oxauth/seam/resource/restv1/oxauth/token'
```

Response

```
{"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
```

Regards,
Qasim

By Javier Rojas staff 11 Feb 2016 at 1:06 p.m. CST

Hello Qasim,

I can see the client is not authenticating in step 3, please check my test:

```
$ curl -v -k -u admin:secret -X POST \
    -d 'client_id=@!90CC.2E38.774C.610B!0001!FD3B.B0A0!0008!500A.AC58' \
    -d 'scope=openid' \
    -d 'response_type=id_token code' \
    -d 'nonce=123232134' \
    -d 'redirect_uri=https://ce.gluu.info:8443/oxauth-rp/home.seam' \
    'https://ce.gluu.info:8443/seam/resource/restv1/oxauth/authorize'
* Trying 127.0.0.1...
* Connected to ce.gluu.info (127.0.0.1) port 8443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: ce.gluu.info
* Server auth using Basic with user 'admin'
> POST /seam/resource/restv1/oxauth/authorize HTTP/1.1
> Host: ce.gluu.info:8443
> Authorization: Basic YWRtaW46c2VjcmV0
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 177
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 177 out of 177 bytes
< HTTP/1.1 302 Found
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=142DEFEA890250B001CB285F991A61C1; Path=/; Secure; HttpOnly
< Location: https://ce.gluu.info:8443/oxauth-rp/home.seam#session_state=88c60173-fd4c-4506-85c2-01ddd875ccde&scope=openid&state&code=3bf6376d-3f6e-4633-9bd8-6c71cc430369&id_token=<JWT omitted>
< Content-Length: 0
< Date: Thu, 11 Feb 2016 18:58:27 GMT
<
* Connection #0 to host ce.gluu.info left intact
```

```
$ curl -v -k -u @\!90CC.2E38.774C.610B\!0001\!FD3B.B0A0\!0008\!500A.AC58:c084d8fa-cf9a-4997-b392-f65842796a9b -X POST \
    -d 'grant_type=authorization_code' \
    -d 'code=3bf6376d-3f6e-4633-9bd8-6c71cc430369' \
    -d 'redirect_uri=https://ce.gluu.info:8443/oxauth-rp/home.seam' \
    'https://ce.gluu.info:8443/seam/resource/restv1/oxauth/token'
* Trying 127.0.0.1...
* Connected to ce.gluu.info (127.0.0.1) port 8443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: ce.gluu.info
* Server auth using Basic with user '@!90CC.2E38.774C.610B!0001!FD3B.B0A0!0008!500A.AC58'
> POST /seam/resource/restv1/oxauth/token HTTP/1.1
> Host: ce.gluu.info:8443
> Authorization: Basic QCE5MENDLjJFMzguNzc0Qy42MTBCITAwMDEhRkQzQi5CMEEwITAwMDghNTAwQS5BQzU4OmMwODRkOGZhLWNmOWEtNDk5Ny1iMzkyLWY2NTg0Mjc5NmE5Yg==
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 130
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 130 out of 130 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=59B4D25E277232C64F1B6F120DB78765; Path=/; Secure; HttpOnly
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json
< Content-Length: 1188
< Date: Thu, 11 Feb 2016 18:59:28 GMT
<
* Connection #0 to host ce.gluu.info left intact
{"access_token":"878277d4-66ff-4c14-b0a9-6bd265cb7cc0","token_type":"bearer","expires_in":3599,"refresh_token":"9df6b81a-2c5f-44c9-a452-1bb72de6d689","id_token":"<JWT omitted>"}
```
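
The checks raised in this thread (code lifetime, single use, and client authentication at the token endpoint), modelled in Python as an added example; it is not part of the original posts and is not oxAuth code. The client entry, `CODE_LIFETIME` and all function names are assumptions, and the model follows RFC 6749 in answering missing client authentication with `invalid_client`, whereas the server in the thread answered `invalid_grant`.

```python
import base64
import secrets

# Constructed sample registration; identifiers are not taken from the thread.
CLIENTS = {"client-1": {"secret": "s3cret"}}
CODE_LIFETIME = 60  # seconds; stands in for authorizationCodeLifetime


def issue_code(store, client_id, redirect_uri, now):
    """Authorization endpoint side: mint a short-lived, single-use code."""
    code = secrets.token_urlsafe(16)
    store[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                   "expires_at": now + CODE_LIFETIME, "used": False}
    return code


def basic(client_id, secret):
    """Build the header that `curl -u client_id:secret` sends."""
    raw = f"{client_id}:{secret}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


def authenticate_client(headers):
    """Return the client_id proven by HTTP Basic credentials, else None."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme != "Basic":
        return None
    try:
        client_id, _, secret = base64.b64decode(value).decode().partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    client = CLIENTS.get(client_id)
    if client and secrets.compare_digest(client["secret"].encode(), secret.encode()):
        return client_id
    return None


def redeem(store, headers, form, now):
    """Token endpoint for grant_type=authorization_code: (status, body)."""
    client_id = authenticate_client(headers)
    if client_id is None:
        return 401, {"error": "invalid_client"}
    grant = store.get(form.get("code"))
    if (grant is None or grant["used"] or now >= grant["expires_at"]
            or grant["client_id"] != client_id
            or grant["redirect_uri"] != form.get("redirect_uri")):
        return 400, {"error": "invalid_grant"}
    grant["used"] = True  # a code can be redeemed only once
    return 200, {"access_token": secrets.token_urlsafe(16), "token_type": "bearer"}
```

A rejected unauthenticated attempt does not consume the code in this model, so the same code can still be redeemed once the client authenticates within the lifetime.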

By Mohib Zico staff 21 Feb 2016 at 12:12 p.m. CST

Qasim, Is there anything else we can assist you here or can we close the ticket?

By Qasim Baqri user 26 Feb 2016 at 4:34 a.m. CST

Hi Javier,

Thanks, it worked. I was missing client authentication. Apologies for the late reply, I was busy and was unable to test the change you suggested.

Regards,
Qasim