Unauthorized client

By: Kévin P. user 20 Feb 2018 at 3:50 a.m. CST

4 Responses
Kévin P. gravatar
Hello, I'm testing Gluu server and I'm trying to setup a SSO. I've followed the documentation, and registered an OpenId Connect Client in the UI interface, setting the client secret to `test`. I've then created a simple client to test this: ``` <button onClick="OIDC.login( {scope : 'openid profile email', response_type : 'token id_token'} );" type="button" class="btn btn-success" >Authenticate</button> <script src="https://cdn.rawgit.com/GluuFederation/openid-implicit-client/master/openidconnect.js"></script> <script> (function() { var clientInfo = { client_id: "test", redirect_uri: "https://test.example.com/callback.html", } var providerInfo = OIDC.discover("https://auth.example.com") OIDC.setClientInfo(clientInfo) OIDC.setProviderInfo(providerInfo) OIDC.storeInfo(providerInfo, clientInfo) sessionStorage.removeItem("state") sessionStorage.removeItem("nonce") console.log(providerInfo) })() </script> ``` But when I click on the button, I get: ``` {"error":"unauthorized_client","error_description":"The client is not authorized to request an access token using this method.","state":"amnntb"} ``` I'm not able to find anything in logs files. The only log I can find is apache access logs. If you can provide help on how to configure a client? Thanks
Ubuntu 16.04
closed

Answers

By Aliaksandr Samuseu staff 20 Feb 2018 at 7:43 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Kévin. >I've followed the documentation, and registered an OpenId Connect Client in the UI interface Could you provide a link to the doc you followed? >I've then created a simple client to test this: Please note that community (free) users support doesn't cover custom client development. Consider using [one of the officially supported clients](https://www.gluu.org/blog/limiting-openid-connect-community-client-support/) for your first time with Gluu, and trying to experiment with any non-standard setups only after you've read [the spec](http://openid.net/specs/openid-connect-core-1_0.html) and studied how it works in practice. You could follow our [mod_auth_openidc doc](https://gluu.org/docs/ce/3.1.2/integration/sswebapps/openidc-rp/), for example.

By Kévin P. user 20 Feb 2018 at 9:59 a.m. CST

Copy
Kévin P. gravatar
Hi, Thanks for the repply. It is not a custom client, it is simply the code I find here: https://gluu.org/docs/ce/3.1.2/integration/spa/oauth-js-implicit/ All that I've found about this error is that it is often related to dynamic client registration. But I'm not doing this. I registered manually the client.

By Aliaksandr Samuseu staff 20 Feb 2018 at 10:21 a.m. CST

Copy
Aliaksandr Samuseu gravatar
Ok, now I see. I'm not sure how well the implicit flow doc was tested for the latest packages. I'll do my best checking steps there and will get back to you. >But I'm not doing this. I registered manually the client. Please provide dump of your client's metadata, just in case: 1. Move into container 2. Put your LDAP password into `/tmp/.dpw` 3. Run this command to dump the metadata: `# /opt/opendj/bin/ldapsearch -h 127.0.0.1 -p 1636 -s sub -T -Z -X D 'cn=directory manager' -j /tmp/.dpw -b 'o=gluu' -z 3 '&(objectclass=oxauthclient)(inum=YOUR_CLIENT_INUM)'` Where `YOUR_CLIENT_INUM` is unique ID of your client you can learn if you'll open its settings page in web UI (the first field there)

By Kévin P. user 20 Feb 2018 at 1:53 p.m. CST

Copy
Kévin P. gravatar
Hi, Reading your comment, I understood that I did not took to good client id which is INUM. Thanks for your help. It works now.

Post an answer