Token invalid_client

By: Tássio Noronha user 23 Aug 2018 at 3:54 a.m. CDT

3 Responses
Tássio Noronha gravatar
I'm having some trouble getting the token. My flow: https://xxx.xxx/authorize?scope=openid&response_type=code&redirect_uri=http%3A%2F%2Fexample.org%2F&client_id=%40%21703F.9811.D818.69A8%210001%212593.0752%210008%21CCE8.C752.F4E4.5693 I get this token, then i send. ``` curl -X POST \ https://xxx.xxx/oxauth/restv1/token \ -H 'cache-control: no-cache' \ -H 'content-type: application/x-www-form-urlencoded' \ -H 'postman-token: fa65d3c4-faea-1ae4-25fd-4b5770e85273' \ -d 'grant_type=authorization_code&code=6a86aaa4-6015-4ab4-a464-922cb2443f16&redirect_uri=http%3A%2F%2Fexample.org%2F&client_id=%40!703F.9811.D818.69A8!0001!2593.0752!0008!CCE8.C752.F4E4.5693&client_secret=passwordtest' ``` And here, the response: `{"error":"invalid_client","error_description":"Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the Authorization request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code, and include the WWW-Authenticate response header field matching the authentication scheme used by the client."}` My client configuration: ``` Scopes: email openid Response Types: code id_token token Grant Types: client_credentials authorization_code implicit refresh_token ```
Ubuntu 16.0
closed

Answers

By Aliaksandr Samuseu staff 23 Aug 2018 at 6:20 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Tassio. Please check [this article about logs](https://gluu.org/docs/ce/3.1.3/operation/logs/), set oxAuth's logs to DEBUG level, then retry your flow and provide us relevant excerpts from `oxauth.log`. We can't say much with only a general error message at hand, you need to gather more details.

By Tássio Noronha user 24 Aug 2018 at 3:50 a.m. CDT

Copy
Tássio Noronha gravatar
Thanks for your response Aliaksandr! My log in this context(authentication + try get a token) ``` 2018-08-24 08:45:17,114 INFO [qtp1744347043-63346] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:357) - Authentication success for User: 'renedcartes' 2018-08-24 08:45:45,662 INFO [qtp1744347043-63346] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:217) - Authentication success for Client: '@!703F.9811.D818.69A8!0001!2593.0752!0008!725D.C7E7' 2018-08-24 08:45:57,581 ERROR [qtp1744347043-10] [org.xdi.oxauth.service.SessionIdService] (SessionIdService.java:271) - Faces context returns null for http request object. 2018-08-24 08:45:57,593 INFO [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:498) - Attempting to redirect user: SessionUser: SessionState {dn='oxAuthSessionId=ede1865a-b533-4acd-a552-06e50c2bed09,ou=session,o=@!703F.9811.D818.69A8!0001!2593.0752,o=gluu', id='ede1865a-b533-4acd-a552-06e50c2bed09', lastUsedAt=Fri Aug 24 08:45:57 UTC 2018, userDn='inum=@!703F.9811.D818.69A8!0001!2593.0752!0000!E1FA.C62E.6606.3FF0,ou=people,o=@!703F.9811.D818.69A8!0001!2593.0752,o=gluu', authenticationTime=Fri Aug 24 08:45:57 UTC 2018, state=authenticated, sessionState='fa8e6db0-6943-44cd-855a-d1aa0b63c406', permissionGranted=null, isJwt=false, jwt=null, permissionGrantedMap=org.xdi.oxauth.model.common.SessionIdAccessMap@1141b5cd, involvedClients=null, sessionAttributes={auth_step=1, acr=auth_ldap_server, remote_ip=193.248.46.10, auth_external_attributes=[], scope=openid profile email user_name, acr_values=auth_ldap_server, response_type=code, redirect_uri=https://accounts.myco.coop/identity/authentication/getauthcode, state=e9ab73b4-aef5-4873-b56c-463e47224cda, nonce=1a086195-8bf6-424f-b42f-45978c16d0c5, client_id=@!703F.9811.D818.69A8!0001!2593.0752!0008!725D.C7E7}, persisted=true} 2018-08-24 08:45:57,594 INFO [qtp1744347043-10] [org.xdi.oxauth.service.AuthenticationService] (AuthenticationService.java:506) - Attempting to redirect user: User: org.xdi.oxauth.model.common.User@6b0c9e5d 2018-08-24 08:45:57,595 INFO [qtp1744347043-10] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:357) - Authentication success for User: 'myco' 2018-08-24 08:45:57,744 INFO [qtp1744347043-63346] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:217) - Authentication success for Client: '@!703F.9811.D818.69A8!0001!2593.0752!0008!725D.C7E7' ```

By Aliaksandr Samuseu staff 27 Aug 2018 at 6:19 p.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, Tassio. Your request from the opening post doesn't seem correct, it misses proper "Authorization" header. You should refer to [OpenID core spec](http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest) when in doubt.

Post an answer