Forming the /oauth/token call

Support Installation and Deployment
1

Imported Google Group message. Original thread at: Redirecting to Google Groups Import Date: 2016-01-19 21:16:41 +0000.
Sender:S. Alexander Zaman.
Date:Thursday, 25 June 2015 19:27:09 UTC+1.

Hi Martin,

I am having a bit of trouble getting the /oauth/token call to respond. I looked at Aaron Parecki Oauth guide that you recommended and have been trying to follow the advice from the following discussion.

https://groups.google.com/forum/#!searchin/tyk-community-support/$2Foauth$2Ftoken/tyk-community-support/0FuyaV4zt18/UuC8tiNmP68J

Do you know what might be going wrong here?

To test I’m using postman.

  1. I call the authorize-client call to get a token

===REQUEST===
POST /db7c60750d8f4bc1628285c9327cd5cd/tyk/oauth/authorize-client/ HTTP/1.1
Host: {{GATEWAY SERVER}}
x-tyk-authorization: 352d20ee67be67f6340b4c0605b044b7
Cache-Control: no-cache
Postman-Token: 3d85fde1-ad9a-fa04-b57a-9b341a455259
Content-Type: application/x-www-form-urlencoded

client_id=77458a6996ba4ae94ea028644d070763
&response_type=code
&redirect_uri=http%3A%2F%2Fhttpbin.org%2Fpost
&key_rules=%7B+++++%22allowance%22%3A+999%2C+++++%22rate%22%3A+1000%2C+++++%22per%22%3A+60%2C+++++%22expires%22%3A+0%2C+++++%22quota_max%22%3A±1%2C+++++%22quota_renews%22%3A+1406121006%2C+++++%22quota_remaining%22%3A+0%2C+++++%22quota_renewal_rate%22%3A+60%7D

===RESPONSE===
{“code”:“KOKf4uDdQ5uMF__rPRNZXw”,“redirect_to”:“http://httpbin.org/post?code=KOKf4uDdQ5uMF__rPRNZXw”}

  1. I went to a base_url converter (https://jsfiddle.net/gabrieleromanato/qaght/) to convert the string “{{client_id}}{{client_secret}}” to base64.

  2. I tried to make the following oauth/token call and got an invalid response

=== REQUEST===

POST /db7c60750d8f4bc1628285c9327cd5cd/oauth/token HTTP/1.1
Host: {{GATEWAY SERVER}}
Authorization: Basic Nzc0NThhNjk5NmJhNGFlOTRlYTAyODY0NGQwNzA3NjNNekExTVRFd016RXRNalUzTWkwME5qWXlMVFpqWTJRdFlUZzFaVGxtWldZeE16Vms
Cache-Control: no-cache
Postman-Token: a5ece429-6d43-838f-bf81-b39fdd016dd8
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=77458a6996ba4ae94ea028644d070763&redirect_uri=http%3A%2F%2Fhttpbin.org%2Fpost&code=KOKf4uDdQ5uMF__rPRNZXw

=== RESPONSE ===
{“error”:“invalid_request”,“error_description”:“The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.”}

Do you have any advice on how I can get the token to authorize?

Best regards,
Alex

2

Imported Google Group message.
Sender:Martin Buhr.
Date:Friday, 26 June 2015 09:21:28 UTC+1.

Hi Alex,

Went back to my postman test scripts, and tested against my dev machine, here’s what I have managed ot get to work:

Request:

POST http://localhost:8080/LISTEN_PATH/oauth/token/

Post Params (url-encoded in post body):

grant_type = authorization_code

client_id =CLIENT_ID

redirect_uri = http://somehost.com/
code =AUTH_CODE

Post Headers:

Authorization: Basic base64Encode(CLIENT_ID:CLIENT_SECRET)

Looking at your request, you’ve got everything ok. The only things that look odd is that you have url-encoded the redirect URI, you don’t need to do that if you are using postman, it will encode it when it sends it (otherwise you risk double-encoding), More importantly (and I htink this is the problem), I also notice you are missing a slash at the end of your oauth/token/ URL, you will need to put the slash in otherwise it redirects, which will lose the POST data and then fail with the generic error.

I hope that helps!

Cheers,
Martin

3

Imported Google Group message.
Sender:.
Date:Thursday, 25 June 2015 19:46:30 UTC+1.

Hi,

Hmm well it looks like you are missin some parameters :slight_smile:

Check the token request section in this tutorial, it looks like you are missing a few, don’t have a of atm so can only check my test scripts tomorrow.

Have you taken a look at the OAuth tests in the repo?

Cheers,
Martin

Sent from Outlook

  • show quoted text -

  • show quoted text -


You received this message because you are subscribed to the Google Groups “Tyk Community Support” group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web, visit https://groups.google.com/d/msgid/tyk-community-support/cb4e547e-577a-4e3d-8719-ffbe01a00202%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

4

Imported Google Group message.
Sender:S. Alexander Zaman.
Date:Thursday, 25 June 2015 21:10:15 UTC+1.

(Looks like my response did not show up on the message board. Sorry for the Duplicate Martin.)

Yeah the parameter that I didn’t have which is in the tutorial is “client_secret”. I had removed it following advice from the discussion between you and pascal, and in your test cases. I tried putting it back in but it didn’t change the response.

I tried looking at the tests and seeing what didn’t match up but I didn’t find any notable differences. One thing I did notice was that the discussion mentioned the authorization header was formed doing a base64 encoding combining client_id and client_secret. was there anything delimiting between the two? your test seems to suggest not but I am not sure.

One thing that I incorrectly mentioned above is that the base64 encoding is actually created by putting together client_id and client_secret with a ‘:’ (colon) in between. That’s how pascal and your tests did it. I had made that fix but it is still giving me the same problems.

HEADERS:
Authorization: Basic Nzc0NThhNjk5NmJhNGFlOTRlYTAyODY0NGQwNzA3NjM6TXpBMU1URXdNekV0TWpVM01pMDBOall5TFRaalkyUXRZVGcxWlRsbVpXWXhNelZr
(encoded by base64 on “{{client_id}}:{{client_secret}}” )

PARAMS:
grant_type = authorization_code
client_id = 77458a6996ba4ae94ea028644d070763
redirect_uri = http%3A%2F%2Fhttpbin.org%2Fpost
code = KOKf4uDdQ5uMF__rPRNZXw

If you have time tomorrow to help out that be great. Thanks for looking into my issue!

Best,
Alex

5

Imported Google Group message.
Sender:S. Alexander Zaman.
Date:Friday, 26 June 2015 15:59:15 UTC+1.

OMG I forgot the slash again! Massive apologies for my stupidity. The call seems to be working fine now after I put the ‘/’ (slash) suffix
Thanks Martin.

Alex

  • show quoted text -