By: Mike Esser user 06 Feb 2016 at 5:43 a.m. CST

4 Responses
Hello, I'm wondering if it is possible to use the Resource Owner Password Credentials Grant as explained in [https://www.gluu.org/docs/admin-guide/openid-connect/oauth2grants/](https://www.gluu.org/docs/admin-guide/openid-connect/oauth2grants/) and described in the API docs [https://www.gluu.org/docs/reference/api/oic-token/](https://www.gluu.org/docs/reference/api/oic-token/). Currently I am not able to select the password grant for any client. The password grant isn't available in the JSON Configuration either. Do I have to do manual steps to activate it, or is it simply not provided by the Gluu Server?

By Michael Schwartz Account Admin 08 Feb 2016 at 11:59 a.m. CST

There is just not enough information here for us to comment on it.

* I would include sample Requests and Responses
* LDIF for the client configuration
* Log files from `/opt/tomcat/logs/oxauth.log`

Also, you should take a look at the GitHub project for the [test cases on OAuth2 password grant](https://github.com/GluuFederation/oxAuth/blob/e1198ff9e533be03ed87dda88adcef9e1816ce7c/Client/src/test/java/org/xdi/oxauth/ws/rs/TokenRestWebServiceHttpTest.java#L81).

By Mike Esser user 10 Feb 2016 at 3 p.m. CST

Hey Michael, sorry for my late reply. The sample Request I'm doing is:

```
POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: guard.boxedware.local
Connection: close
User-Agent: Paw/2.2.9 (Macintosh; OS X/10.11.3) GCDHTTPRequest
Content-Length: 175

grant_type=password&scope=openid&username=admin&password=XXXXX&client_id=%40%21630A.A297.5D1E.6EF7%210001%21022B.08C7%210008%21DBFC.6489&client_secret=test123
```

The Response for this is:

```
HTTP/1.1 401 Unauthorized
Date: Wed, 10 Feb 2016 20:38:24 GMT
Server: Apache/2.4.7 (Ubuntu)
WWW-Authenticate: Basic realm="oxAuth"
Content-Type: application/json;charset=ISO-8859-1
Content-Length: 586
Set-Cookie: JSESSIONID=9A5B2AADC8D8EFA242B26DC6A3FCC243; Path=/oxauth/; Secure; HttpOnly;HttpOnly
Access-Control-Allow-Origin: *
Connection: close

{"error":"invalid_client","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client."}
```

and the log message in oxauth.log is:

```
2016-02-10 20:43:56,251 DEBUG [org.xdi.oxauth.service.ClientService] Found 1 entries for client id = @!630A.A297.5D1E.6EF7!0001!022B.08C7!0008!DBFC.6489
2016-02-10 20:43:56,252 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Looking for the error with id: invalid_client
2016-02-10 20:43:56,253 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Found error, id: invalid_client
```

I don't know how to get the LDIF.

Additional Information: I have added the Client via the oxTrust UI. I am not able to choose the "password" Grant Type for the Client. [Click Here for Screenshot](http://1drv.ms/1osHnVS) I hope this works. It's a link to a OneDrive resource (don't have another upload option right now).

Edit: Hmm, for me the markup is broken. Hope it doesn't bother you. The preview looks good, however.

By Michael Schwartz Account Admin 10 Feb 2016 at 3:14 p.m. CST

To get the LDIF:

```
# service gluu-server login
# cd /opt/opendj/bin
# echo <ldapPW> > ~/.pw      <--- enter the admin password here
# ldapsearch -h localhost -p 1389 -D "cn=directory manager" -j ~/.pw \
    -b "o=gluu" "inum=*DBFC.6489"
```

It's saying that the client authentication is failing. Are you sure you're doing it right?

By Mike Esser user 11 Feb 2016 at 1:26 p.m. CST

Hey Michael, thanks for your help, I really appreciate it. As you already mentioned, I was doing something wrong without knowing it. I had to change the Authentication method to client_secret_post. Now everything works like a charm.

Thanks
Mike
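
The resolution above turns on where the client credentials travel in the token request. As an added example (not code from this thread or from the Gluu project), the Python below builds the password-grant request under `client_secret_post` and `client_secret_basic` and compares a captured request against the method a client is registered for; the function names are hypothetical, and the client values are the ones posted in the request above.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode

# Values copied from the request posted in this thread.
CLIENT_ID = "@!630A.A297.5D1E.6EF7!0001!022B.08C7!0008!DBFC.6489"
CLIENT_SECRET = "test123"


def build_password_grant(auth_method, username, password, scope="openid"):
    """Return (headers, body) for a password-grant token request."""
    form = {"grant_type": "password", "scope": scope,
            "username": username, "password": password}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if auth_method == "client_secret_post":
        # Client credentials travel in the form body.
        form["client_id"] = CLIENT_ID
        form["client_secret"] = CLIENT_SECRET
    elif auth_method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-urlencode each part, join with ":",
        # then Base64 the pair into an Authorization header.
        pair = f"{quote_plus(CLIENT_ID)}:{quote_plus(CLIENT_SECRET)}"
        token = base64.b64encode(pair.encode("ascii")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    return headers, urlencode(form)


def detect_auth_method(headers, body):
    """Classify how a captured token request presents client credentials."""
    in_header = headers.get("Authorization", "").startswith("Basic ")
    in_body = "client_secret" in parse_qs(body)
    if in_header and in_body:
        return "ambiguous"  # RFC 6749 section 2.3: one method per request
    if in_header:
        return "client_secret_basic"
    return "client_secret_post" if in_body else "none"


def diagnose(registered_method, headers, body):
    """Compare the registered method with what the request actually used."""
    sent = detect_auth_method(headers, body)
    if sent == registered_method:
        return "match"
    return f"mismatch: client registered for {registered_method}, request used {sent}"


if __name__ == "__main__":
    hdrs, body = build_password_grant("client_secret_post", "admin", "XXXXX")
    print(diagnose("client_secret_basic", hdrs, body))
```
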