Issue a Token via rest problems


#1

I am following the 5 minute tutorial: https://www.ory.sh/docs/guides/master/hydra/1-tutorial/
but trying to use the REST API.
I created a client with a grant type of "client_credentials".

json response:

    * Connection #0 to host sdp-dev-agent01 left intact
    {"client_id":"onePriv","client_name":"","client_secret":"secret","redirect_uris":null,"grant_types":["client_credentials"],"response_types":["code","id_token","token"],"scope":"foo","owner":"","policy_uri":"","tos_uri":"","client_uri":"","logo_uri":"","contacts":null,"client_secret_expires_at":0,"subject_type":"public","token_endpoint_auth_method":"client_secret_basic","userinfo_signed_response_alg":"none"}%

When requesting a token the command line works, but the rest api reports:

My rest call:
curl -X POST \
  http://sdp-dev-agent01:32417/oauth2/token \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'client_id=one&client_secret=secret&grant_type=client_credentials'

and the response:
{"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)","error_hint":"The OAuth 2.0 Client supports client authentication method \"client_secret_basic\", but method \"client_secret_post\" was requested. You must configure the OAuth 2.0 client's \"token_endpoint_auth_method\" value to accept \"client_secret_post\".","status_code":401}%

From this post:

I can see that the "-H 'authorization: Basic YWRtaW46ZGVtby1wYXNzd29yZA=='" header was added. I am not sure how all this fits together.

It looks like we require basic authentication to use the oauth2/token endpoints, but I am not sure how to configure this?

PS.
I updated my client definitions to contain token_endpoint_auth_method=client_secret_post

REST response

    * Connection #0 to host sdp-dev-agent01 left intact
    {"client_id":"onePriv","client_name":"","client_secret":"secret","redirect_uris":null,"grant_types":["client_credentials"],"response_types":["code","id_token","token"],"scope":"foo","owner":"","policy_uri":"","tos_uri":"","client_uri":"","logo_uri":"","contacts":null,"client_secret_expires_at":0,"subject_type":"public","token_endpoint_auth_method":"client_secret_post","userinfo_signed_response_alg":"none"}%

but still the same error


#2

If you add your authentication in the header, then use "client_secret_basic".
If you add your authentication details in the post, use "client_secret_post".

https://www.ory.sh/docs/guides/master/hydra/6-how-to/4-debug
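
The two request shapes distinguished in the answer above, as an added example that is not part of the original thread and is not Hydra's code. `build_request` produces the header form and the body form of a client_credentials token request, and `check` is a simplified, assumed model of the comparison the `error_hint` describes. All function names are hypothetical; the client id `onePriv` and the secret are the values from the post.

```python
import base64
from urllib.parse import parse_qs, quote_plus, urlencode


def build_request(method, client_id, client_secret):
    """Return (headers, body) for a client_credentials token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "client_credentials"}
    if method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-encode id and secret, join with ':',
        # then base64 the pair into an HTTP Basic Authorization header.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials travel in the form body; no Authorization header is sent.
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"unsupported method: {method}")
    return headers, urlencode(form)


def presented_method(headers, body):
    """Classify which client authentication method a request actually uses."""
    if headers.get("Authorization", "").startswith("Basic "):
        return "client_secret_basic"
    if "client_secret" in parse_qs(body):
        return "client_secret_post"
    return "none"


def check(registered_method, headers, body):
    """Assumed, simplified model of the mismatch reported in error_hint."""
    used = presented_method(headers, body)
    if used != registered_method:
        return f"invalid_client: client supports {registered_method}, but {used} was requested"
    return "ok"


if __name__ == "__main__":
    # Print the outcome for every registered/sent combination.
    methods = ("client_secret_basic", "client_secret_post")
    for registered in methods:
        for sent in methods:
            h, b = build_request(sent, "onePriv", "secret")
            print(f"registered={registered:20} sent={sent:20} -> {check(registered, h, b)}")
```

With curl, the header form corresponds to `-u client_id:client_secret` (or an explicit `-H 'authorization: Basic ...'`), and the body form to passing the credentials in `-d`.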