Hi Sakit, Have you checked version_3.1.0 not the Beta one? Please try 3.1.0 . If you are still facing issue please let me know Thanks, Jajati

Hi Sakit, Just checking if the error is resolved now by using OXD Server 3.1.0 Thanks, Jajati

Hi. I used this version(oxd-server-3.1.0-SNAPSHOT). But again i got the same error.

[oxd-server-3.1.0-SNAPSHOT](http://ox.gluu.org/maven/org/xdi/oxd-server/3.1.0-SNAPSHOT/oxd-server-3.1.0-SNAPSHOT-distribution.zip) Also could you please provide the Redirect Url you are trying for Register the Site? Please make sure you are not trying a localhost url. The Redirect url must be a hostname with https . Ex https://client.example.com Thanks, Jajati

Ou yeah. I know that . I use my domain as redirect uri (https://client.sakit.com)

Ok. Could you please share the code block where you the Client registration code is implemented. You can check this document also if your client application is on Java https://gluu.org/docs/oxd/libraries/java/

Here you are . RegisterSiteResponse result = null; try { CommandClient client = new CommandClient("127.0.0.1", 8099); final RegisterSiteParams commandParams = new RegisterSiteParams(); commandParams.setOpHost("https://client.gluu.info"); commandParams.setAuthorizationRedirectUri("https://client.oxd.info:8443/GluuServerTest/user/profile"); // commandParams.setPostLogoutRedirectUri(postLogoutRedirectUrl); // commandParams.setClientLogoutUri(Lists.newArrayList(logoutUri)); commandParams.setScope(Lists.newArrayList("openid","uma_protection","uma_authorization", "email", "clientinfo", "profile", "permission")); Command command = new Command(CommandType.REGISTER_SITE); command.setParamsObject(commandParams); result = client.send(command).dataAsResponse(RegisterSiteResponse.class); } catch (Exception ex) { System.err.println(ex.getMessage()); } I know docs. I have used this code in previous version of oxd and there was no problem.

Woww , it worked. I used oxd that you sent. But now i get another error . After registering i get oxd_id . it is ok. But oxd server does not create json file(client info). Besides What is that protectionAccessToken ? How can i get it ? 2017-05-15 11:07:30,612 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"get_authorization_url","params":{"prompt":null,"scope":["openid","email","clientinfo"],"oxd_id":"5e6a5ce0-938a-45c0-9f48-f87709e470c5","acr_values":null,"hd":null,"protection_access_token":null}}', m_leftString=''} 2017-05-15 11:07:30,612 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"get_authorization_url","params":{"prompt":null,"scope":["openid","email","clientinfo"],"oxd_id":"5e6a5ce0-938a-45c0-9f48-f87709e470c5","acr_values":null,"hd":null,"protection_access_token":null}} 2017-05-15 11:07:30,613 ERROR [org.xdi.oxd.server.Processor] ErrorResponseException{errorResponseCode=ErrorResponseCode{value='blank_protection_access_token', description='protection_access_token is blank. Command is protected by protection_access_token, please provide valid token or otherwise switch off protection in configuration with protect_commands_with_access_token=false'}} at org.xdi.oxd.server.service.ValidationService.validate(ValidationService.java:65) at org.xdi.oxd.server.service.ValidationService.validate(ValidationService.java:51) at org.xdi.oxd.server.Processor.process(Processor.java:76) at org.xdi.oxd.server.Processor.process(Processor.java:53) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:60) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) 2017-05-15 11:07:30,614 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"blank_protection_access_token","error_description":"protection_access_token is blank. Command is protected by protection_access_token, please provide valid token or otherwise switch off protection in configuration with protect_commands_with_access_token=false"}} 2017-05-15 11:07:30,614 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2017-05-15 11:07:30,614 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage:

Hi. I am wainting for your answer :)

Hi Sakit, If you are using oxd server 3.1 + you need to send access token with each request. This is for added security. However if you don't need this you can turn off this feature by changing "protect_commands_with_access_token": false in the configuration file. Please check the below url https://github.com/GluuFederation/oxd/issues/75#issuecomment-301459327 Thanks Jajati

Ok I will do it. But I don't understand the exact reason why you added this feature? And I just try to get authenticate url. why do I need any access token? And how can I get access token if I don't authenticate my user?

Hi Sakit, This is an optional feature for oxd server and mandatory feature for upcoming OXD Web. If you are only using oxd-server then you can turn off this by changing "protect_commands_with_access_token": false in config file. If you use setup_client command instead of register_site command then as a response you will get client_registration_access_token. NOTE: This command will work when "client_registration_access_token": is not set to false in config file Thanks, Jajati

I got it . I corrected that and it worked. Thanks.