Invalid_client error in auth code grant flow

chakshu222 · February 28, 2019, 10:52am

Hi guys,
I have set up hydra using docker and kubernetes, It is working fine for the client credentials grant type but when I hit the /oauth2/auth endpoint to get the auth code with GET request with header as ‘x-www-form-urlencoded’ along with response_type as code and client_id, I get 200 response with Error: invalid_client, Description: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method) and Hint: The requested OAuth 2.0 Client does not exist.
I also tried sending client_secret alongwith request but still same response.
Same client works fine with client credentials grant type.
Client registration response json is (POST /clients response): {
“client_id”: “test-stag-9”,
“client_name”: “test”,
“redirect_uris”: [
“localhost:8080”
],
“grant_types”: [
“authentication_code”,
“client_credentials”
],
“response_types”: [
“code”,
“token”
],
“scope”: “name mail”,
“owner”: “”,
“policy_uri”: “”,
“allowed_cors_origins”: null,
“tos_uri”: “”,
“client_uri”: “”,
“logo_uri”: “”,
“contacts”: null,
“client_secret_expires_at”: 0,
“subject_type”: “public”,
“token_endpoint_auth_method”: “none”,
“userinfo_signed_response_alg”: “none”
}

Using oryd/hydra:v1.0.0-beta.9
Any help will be much appreciated

hackerman · February 28, 2019, 11:29am

The error is very clear:

Hint: The requested OAuth 2.0 Client does not exist.

Make sure a client with ID test-stag-9 actually exists…

chakshu222 · February 28, 2019, 11:43am

I already added the response which I got after registering the client. As I got the successful response doesn’t that mean that the client is registered successfully.

chakshu222 · February 28, 2019, 12:00pm

From GET /clients I have added part of response
{
“client_id”: “test-stag-9”,
“client_name”: “test”,
“redirect_uris”: [
“localhost:8080”
],
“grant_types”: [
“authentication_code”,
“client_credentials”
],
“response_types”: [
“code”,
“token”
],
“scope”: “name mail”,
“owner”: “”,
“policy_uri”: “”,
“allowed_cors_origins”: [],
“tos_uri”: “”,
“client_uri”: “”,
“logo_uri”: “”,
“contacts”: [],
“client_secret_expires_at”: 0,
“subject_type”: “public”,
“token_endpoint_auth_method”: “none”,
“userinfo_signed_response_alg”: “none”
},

hackerman · February 28, 2019, 12:35pm

Please use a software library for interacting with OAuth2, this is not possible: “I hit the /oauth2/auth endpoint to get the auth code with GET request with header as ‘x-www-form-urlencoded”. You can not use GET with a request body (x-www-form-urlencoded).

A list of libraries for your langauge can be found here: https://oauth.net/code/

chakshu222 · March 1, 2019, 8:58am

Thanks for the help @hackerman. I will go ahead with the library implementation but the IETF link that is there in the documentation of /oauth2/auth suggests to use “application/x-www-form-urlencoded” format and in the sample request they have used GET request to interact.