Error: request_unauthorized on access token introspection

Having obtained my access_token, I would like to verify it’s status from within my resource provider. I am running into errors:

msg=An error occurred while handling a request code=401 debug= details=map[] error=request_unauthorized reason=Check that you provided valid credentials in the right format.

My client has "token_endpoint_auth_method": "none" so my assumption is that I do not need to supply header information. If I do, what should be the format of the same?

I am using an Elixir Client to perform these calls and not a CURL or direct HTTP call to the service.

Thank you for contributing to this repository by creating an issue!

Unfortunately, your issue lacks vital information, such as log files, the error message, the software version, your configuration or other pieces of the puzzle.

Please also ensure that your issue is appropriately formatted. If you do not know how to write markdown, you can find help here.

Helping you with your problem is only possible if you share this information, and it will save a lot of time of back and forth on your as well as our end!

The log simply shows this:

time=2020-08-14T09:12:45Z level=info msg=started handling request http_request=map[headers:map[accept:application/x-www-form-urlencoded accept-encoding:gzip authorization:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true". user-agent:hackney/1.16.0 x-forwarded-for: x-forwarded-proto:https] method:POST path:/oauth2/introspect query:<nil> remote: scheme:http]
time=2020-08-14T09:12:45Z level=error msg=An error occurred audience=application error=map[message:request_unauthorized reason:Check that you provided valid credentials in the right format. status:Unauthorized status_code:401] service_name= service_version=

Well, how are you calling the introspection endpoint? Give me a reproducible case or at least some details to work with.

I am making the call using an OAuth2 client.

  authorize_url: "",
  client_id: "7DFA3C17A46FA",
  client_secret: "GfdnUngQVyBVkxvx0hOTU+8jR5zTVUR4LLx97/xJghvH7fwdyCrWzom3Lg35Fp4J",
  headers: [
  params: %{},
  redirect_uri: "http://localhost:4000/auth/callback",
  ref: nil,
  request_opts: [],
  serializers: %{"application/json" => Jason},
  site: "",
  strategy: Auth.Strategy,
  token: nil,
  token_method: :post,
  token_url: ""

That is then piped into a function that makes the post request.

The public part allows me to match the routes in traefik and allows me to push to either 4444 | 4445 based on that.

Is there a way to enable the logs to provide more info so I can show you exactly what comes in and which format it’s in?

@hackerman any input on this?

@churcho maybe post the raw request, instead of forcing recipients to guess how its gonna look.

from the first look your base64 encoded basic authorisation does not seem right
so the error message is on point telling you it can’t do with the credentials given

1 Like