By: Mohamad Taheri user 25 Aug 2016 at 3:47 a.m. CDT

7 Responses
Hi, I want to use the 'client_credentials' grant type, but the Gluu server gives me an access_token just once. What should I do?

By Yuriy Zabrovarnyy staff 25 Aug 2016 at 6:53 a.m. CDT

If you already obtained an access token with 'client_credentials' then you are done. Would you please explain in detail what exactly does not work? Please provide your request/response as well as oxauth.log. Here is a detailed description of the 'client_credentials' grant: https://tools.ietf.org/html/rfc6749#section-4.4

```
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
```

Thanks,
Yuriy Z

By Mohamad Taheri user 25 Aug 2016 at 7:41 a.m. CDT

Actually, after the generated 'access_token' expired, I can't request a new access_token again. This is my request:

```
POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1
Host: gluu.loc
Content-Type: application/x-www-form-urlencoded
Authorization: Basic QCFBQzFBLjU4QzMuN0ZDOC40NEZGITAwMDEhMjBGMi5BMDk0ITAwMDghQzFDMS43MkQ1OmRzYQ==
Cache-Control: no-cache
Postman-Token: b5a1afec-d93e-dcf4-d0ee-ca8ffe69c425

grant_type=client_credentials
```

This works just once.

By Mohamad Taheri user 25 Aug 2016 at 7:43 a.m. CDT

Here is the Gluu response:

```
{
  "error": "invalid_grant",
  "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
```

By Yuriy Zabrovarnyy staff 25 Aug 2016 at 7:51 a.m. CDT

It seems your `client_id` encoded in the authorization header is expired and removed by the server (you can control client expiration time via the `dynamic-registration-expiration-time` property of oxauth).

1) Make sure it still exists in LDAP.
2) Please attach the `oxauth.log` file for investigation (make sure the log level is set to TRACE in `/opt/tomcat/webapps/oxauth/WEB-INF/classes/log4j.xml`).

By Mohamad Taheri user 25 Aug 2016 at 8:11 a.m. CDT

I can use this client with other grant types like Implicit or authorization_code, and it isn't a dynamic client. I don't know how to change the log level in /opt/tomcat/webapps/oxauth/WEB-INF/classes/log4j.xml, but here is part of my oxauth log.

```
2016-08-25 12:15:59,079 INFO [xdi.oxauth.session.ws.rs.EndSessionRestWebServiceImpl] Failed to find out authorization grant for id_token_hint 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.[...].9Bv6zx9Q7OMPtWQZWx9qYI9nGvt38o4jEAMJUfjAQLU'
2016-08-25 12:27:39,618 INFO [org.xdi.oxauth.auth.Authenticator] Authentication result for user '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!C1C1.72D5', result: 'false'
2016-08-25 12:27:39,622 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for Client: '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!C1C1.72D5'
2016-08-25 12:28:44,818 INFO [org.xdi.oxauth.auth.Authenticator] Authentication result for user '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!4569.CAB9', result: 'false'
2016-08-25 12:28:44,821 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for Client: '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!4569.CAB9'
2016-08-25 13:02:42,314 INFO [org.xdi.oxauth.auth.Authenticator] Authentication result for user '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!4BC1.24F0', result: 'false'
2016-08-25 13:02:42,318 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for Client: '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!4BC1.24F0'
2016-08-25 13:03:11,873 INFO [org.xdi.oxauth.auth.Authenticator] Authentication result for user '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!4BC1.24F0', result: 'false'
2016-08-25 13:03:11,876 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for Client: '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!4BC1.24F0'
2016-08-25 13:03:12,127 INFO [org.xdi.oxauth.auth.Authenticator] Authentication result for user '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!10E5.BC7F', result: 'false'
2016-08-25 13:03:12,129 INFO [org.xdi.oxauth.auth.Authenticator] Authentication success for Client: '@!AC1A.58C3.7FC8.44FF!0001!20F2.A094!0008!10E5.BC7F'
```

By Mohamad Taheri user 25 Aug 2016 at 9:17 a.m. CDT

I found out what happened :) I send my requests to the Gluu server with the POSTMAN Google Chrome extension, and its Interceptor was active. I think until we have an active session we cannot request a new access_token.

By William Lowe user 25 Aug 2016 at 12:42 p.m. CDT

Thanks for the update, Mohamad.
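
Added example (not part of the thread and not Gluu's code): a minimal Python client for the `client_credentials` grant discussed above. It sends only the Basic client credentials and the form body, uses no cookie jar so no browser session is attached to the token request, and repeats the grant when the cached token nears expiry. The function and class names and the 30-second skew are assumptions for illustration.

```python
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request


def build_token_request(token_url, client_id, client_secret):
    """RFC 6749 section 4.4.2 request: Basic client auth and form body only."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(token_url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def parse_token_response(status, raw):
    """Return the token document or raise with the OAuth error (e.g. invalid_grant)."""
    doc = json.loads(raw)
    if status != 200 or "error" in doc:
        code = doc.get("error", f"http_{status}")
        raise RuntimeError(f"{code}: {doc.get('error_description', '')}")
    return doc


def http_send(request):
    """Send with a bare opener: no cookie jar, so no browser session is attached."""
    try:
        with urllib.request.build_opener().open(request, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 4xx responses carry the OAuth error JSON
        return err.code, err.read()


class ClientCredentialsToken:
    """Caches the access token and repeats the grant when it nears expiry."""
    def __init__(self, token_url, client_id, client_secret, send=http_send, clock=time.time):
        self._args = (token_url, client_id, client_secret)
        self._send, self._clock = send, clock
        self._token, self._expires_at = None, 0.0

    def get(self, skew=30):  # skew is an assumed safety margin in seconds
        if self._token is None or self._clock() >= self._expires_at - skew:
            doc = parse_token_response(*self._send(build_token_request(*self._args)))
            self._token = doc["access_token"]
            self._expires_at = self._clock() + float(doc.get("expires_in", 0))
        return self._token
```

The `send` and `clock` parameters exist so the expiry logic can be exercised without a live server; in normal use the defaults are kept.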